- #!/usr/bin/py
- """
- Codeado por isseu (twitter.com/isseu)
- Grax CPH, DDLR, H-SEC
- 1.0 Beta 19/09/2011
- """
- import sys,re,argparse,os,fnmatch
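# Request-derived PHP sources treated as attacker-controlled. Each entry is a
# regex fragment; the fragments are OR-ed together and substituted for the
# %&1&% placeholder in the detection patterns below.
inputs = [
    r"\$\_request",
    r"\$\_post",
    r"\$\_get",
    r"\$\_server\[[\"']php\_self[\"']",
    r"\$\_cookie",
]

# bugs[0] holds the detection patterns and bugs[1] the label reported for the
# pattern at the same index, so both lists must stay the same length.
#
# The patterns are raw strings on purpose: in a plain string literal "\b" is a
# backspace character and "\t" a literal tab, so the include/require rule was
# looking for a backspace instead of a word boundary.
bugs = [
    [
        # Source written straight to the page. Whitespace and an optional "("
        # are accepted after the keyword; the earlier form only matched when
        # the source followed with no space, so "echo $_GET[...]" was missed.
        r"(print|echo)(\s*\(?\s*)(%&1&%)",
        # Source concatenated onto a string literal (HTML or SQL being built).
        r"[\"']\s*[\+\.]\s*(%&1&%)",
        # Source used as an include/require path, with or without parentheses
        # and with any spacing before the source.
        r"(file_include|include|require|include_once|require_once)(\b[\s(]*)(%&1&%)\[",
        # Short echo tag; any whitespace (not only tabs) may precede the source.
        r"<\?=\s*(%&1&%)\[",
        # PHP_SELF echoed into a src/href attribute.
        r"(src|href)\=[\"']\<\?\s*(php)*\s*(echo|print|=)\s*\$_server\[[\"']php_self[\"']",
        # The next three rules flag the call itself, whatever its arguments,
        # so every hit needs a manual look at what reaches the call.
        r"phpinfo\(",
        r"(shell_exec|system|exec|popen|passthru|proc_open|pcntl_exec)\(",
        r"(eval|assert|create_function)\(",
    ],
    ["XSS", "XSS/SQLI", "LFI/RFI", "XSS", "XSS", "DATA LEAK", "CMD EXECUTION", "CODE EXECUTION"],
]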
def Rojo(a):
    """Return *a* wrapped in ANSI red escape codes on POSIX, unchanged elsewhere."""
    if os.name != "posix":
        # Non-POSIX: return the text undecorated.
        return a
    return "\33[31m" + a + "\033[0m"
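def BuscarArchivosRecursivo(path,regex):
    """Return the files under *path* whose name matches *regex*.

    Despite its name, *regex* is an fnmatch-style glob such as ``*.php``; it is
    not a regular expression, so alternation like ``(php|inc)`` is not
    understood.

    Args:
        path: directory to walk recursively, or a single file.
        regex: glob applied to each file name (not to the full path).

    Returns:
        A list of matching paths; empty when nothing matches.
    """
    if os.path.isfile(path):
        # os.walk() yields nothing for a plain file, which made a single-file
        # scan silently report zero files.
        if fnmatch.fnmatch(os.path.basename(path), regex):
            return [path]
        return []
    matches = []
    # os.walk() does not descend into symlinked directories by default, which
    # keeps the scan inside the tree it was pointed at.
    for root, _dirnames, filenames in os.walk(path):
        matches.extend(
            os.path.join(root, filename)
            for filename in fnmatch.filter(filenames, regex)
        )
    return matches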
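def Escanear_Archivo(archivo,args):
    """Scan one file line by line and print each line that matches a pattern in ``bugs``.

    Args:
        archivo: path of the file to read.
        args: parsed command-line options; only ``args.heuristic`` is read.

    With ``args.heuristic`` set, a variable assigned from ``$_GET``, ``$_POST``
    or ``$_REQUEST`` is added to the tracked sources for the rest of this file,
    so later uses of that variable are reported too.

    Matching is textual and per line. A hit is a lead for manual review, not
    proof of a flaw: sanitising calls, multi-line statements and data flow
    through functions are not seen.
    """
    # Start from a copy so variables learned in one file do not leak into the next.
    variables = inputs[:]
    cabecera_impresa = False

    def compilar():
        # Substitute the current source list into every detection pattern.
        fuentes = "|".join(variables)
        return [re.compile(p.replace("%&1&%", fuentes), re.IGNORECASE) for p in bugs[0]]

    # "<indent>$var = [\"str\" . ]$_GET..." ; any amount of leading whitespace
    # is accepted (the earlier form required exactly one whitespace character).
    asignacion = re.compile(
        r'^\s*\$.*\s?\.?\s?=\s?(".*"\s*[\.\+]\s*)*\$_(get|post|request)',
        re.IGNORECASE,
    )

    patrones = compilar()
    # The context manager closes the handle; it was previously never closed.
    with open(archivo, "r") as handle:
        for numero, line in enumerate(handle, 1):
            if args.heuristic:
                dat = asignacion.search(line)
                if dat:
                    if not cabecera_impresa:
                        print("[+] File: " + archivo)
                        cabecera_impresa = True
                    # Keep only the bare identifier left of "=": drop the
                    # surrounding whitespace, the "." of ".=" and the leading
                    # "$". The earlier slice kept the "$" and trailing space,
                    # so the stored pattern never matched a later use.
                    nombre_var = dat.group(0).split("=", 1)[0].strip().rstrip(".").strip()
                    if nombre_var.startswith("$"):
                        nombre_var = nombre_var[1:]
                    if nombre_var:
                        variables.append("\\$" + re.escape(nombre_var))
                        # The source list changed, so the patterns must be rebuilt.
                        patrones = compilar()
                    print(" [!] Watch var at line " + str(numero) + ": " + line.strip())
            for indice, patron in enumerate(patrones):
                if patron.search(line):
                    if not cabecera_impresa:
                        print("[+] File: " + archivo)
                        cabecera_impresa = True
                    print(" " + Rojo("[!]") + " Line " + str(numero) + ": " + line.strip() + " (" + bugs[1][indice] + ")")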
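def Banner():
    """Print the ASCII-art banner followed by the author credit."""
    # Raw string: in a plain literal the art row that ends in a backslash acts
    # as a line continuation and merges with the next row, and sequences such
    # as "\ " and "\_" are invalid escapes.
    # NOTE(review): the spacing inside the art looks collapsed in this copy of
    # the script; the rows are reproduced as found.
    print(r"""
______ _ _ _ ____ _____
| ____| | | | | | | _ \ / ____|
| |__ | | ___ _ __ | |__ __ _ _ __ | |_ | |_) | (___
| __| | |/ _ \ '_ \| '_ \ / _` | '_ \| __| | _ < \___ \
| |____| | __/ |_) | | | | (_| | | | | |_ | |_) |____) |
|______|_|\___| .__/|_| |_|\__,_|_| |_|\__| |____/|_____/ .py
| |
|_|
[+] Coded by """ + Rojo("Isseu"))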
def ShowExpressions():
    """Print every detection pattern in ``bugs`` next to its finding label."""
    total = len(bugs[0])
    print("[+] Regular expressions (" + str(total) + "):")
    for indice, patron in enumerate(bugs[0]):
        # Labels live in the parallel list bugs[1], at the same index.
        print(" \"" + patron + "\" (" + bugs[1][indice] + ")")
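if __name__ == "__main__":
    # Command-line entry point: parse the options, collect the files whose
    # extension matches -e under PATH, and scan each of them.
    Banner()
    parser = argparse.ArgumentParser(description='Found common errors in php scripts',epilog='Have Fun!')
    parser.add_argument('PATH', type=str,help='File to analyze')
    parser.add_argument('-e', type=str,help='Extensions to analyse (Default: php) example -e (php|plp)',metavar="php",default="php")
    parser.add_argument('-he', '--heuristic', help='Work with heuristic, advanced',action='store_true')
    parser.add_argument('-v', '--version', help='Show version', action='version', version='[+] %(prog)s 1.0 Beta')
    parser.add_argument('-r', help='Show regex expressions', action='store_true')
    args = parser.parse_args()
    if args.r:
        ShowExpressions()
    if not os.path.exists(args.PATH):
        print("PATH doesn't exist")
        # Non-zero status so a wrapper script or CI job can tell the scan never ran.
        sys.exit(1)
    # The help text documents "-e (php|plp)", but the file search uses
    # fnmatch globs, which have no alternation. Split the value into single
    # extensions and search once per extension.
    extensiones = [ext for ext in args.e.strip("()").split("|") if ext]
    archivos = []
    for ext in extensiones:
        for encontrado in BuscarArchivosRecursivo(args.PATH, '*.' + ext):
            # Skip duplicates in case the same extension was given twice.
            if encontrado not in archivos:
                archivos.append(encontrado)
    print("[+] Scan Started (" + str(len(archivos)) + " archivos)")
    for archivo in archivos:
        Escanear_Archivo(archivo, args)
    print("[+] Scan Finished")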