vlpriv8

binger priv8

Oct 4th, 2015
  1. #!/usr/bin/perl
  2.  
  3. # irc.Priv8.jp #priv8
  4.  
  5. use threads;
  6. use threads::shared;
  7. use Thread::Queue;
  8. use Thread::Semaphore;
  9. use HTTP::Headers;
  10. use HTTP::Request;
  11. use HTTP::Response;
  12. use LWP::UserAgent;
  13. use HTTP::Cookies;
  14. use Socket;
  15.  
  16.  
  17.  
  # Entry point: usage check, self-backgrounding, then a three-stage pipeline
  # whose stages exchange data through sites.txt in the working directory:
  #   1. every wordlist line is run as a search query (worker sub "search");
  #   2. sites.txt is de-duplicated, each host is resolved and an "ip:" query
  #      is run for its address (worker sub "dns");
  #   3. sites.txt is de-duplicated again and passed to an external scan.pl.
  # Artefacts an analyst can look for: a detached perl process that ignores
  # INT/HUP/TERM, a sites.txt that is appended to and rewritten in place, and
  # a child "perl scan.pl sites.txt 400" (scan.pl itself is not in this file).
  unless ($ARGV[1]) {
      print "Modo de uso:\nperl $0 <wordlist> <threads>\n";
      exit;
  }

  # Signals are ignored before the fork, so the surviving child inherits the
  # dispositions; with CHLD ignored, exited children are not left as zombies.
  $SIG{$_} = "IGNORE" for qw(INT HUP TERM CHLD);

  my $pid = fork;
  exit if $pid;    # parent returns to the shell, child carries on
  defined($pid) or die "Problema com o fork: $!";

  $| = 1;          # unbuffered STDOUT for the "\r" progress line
  sleep(4);

  # File-scoped state read by the subs below; these names are part of the
  # file's internal interface and must stay as they are.
  my $q           = Thread::Queue->new();
  my $semaphore   = Thread::Semaphore->new();
  my $max_threads = $ARGV[1];
  our $xs : shared = 0;    # running count of hosts written by the workers

  my $word = $ARGV[0];

  # --- stage 0: load the wordlist ---------------------------------------
  print "[+] Loading wordlist, please wait\n";

  # NOTE(review): two-argument open; mode characters in the wordlist path
  # given on the command line are interpreted by open itself.
  open(my $list_fh, "<$word") or die "$!\n";
  chomp(my @queries = <$list_fh>);
  close($list_fh);
  my $loaded = scalar @queries;
  print "[+] Foram carregadas $loaded palavras.\n[+] Iniciando buscas...\n";

  # --- stage 1: one search per wordlist line ----------------------------
  &threadnize("search", @queries);

  # --- de-duplicate sites.txt in place ----------------------------------
  print "\n[+] Removendo sites repetidos\n";
  {
      my %seen;
      open(my $in, "<sites.txt") or die "$!\n";
      while (my $host = <$in>) {
          chomp $host;
          next if $seen{$host};
          $seen{$host} = 1;
      }
      close($in);

      open(my $out, ">sites.txt") or die "$!\n";
      print {$out} $_ . "\n" for keys %seen;
      close($out);
  }

  # --- stage 2: resolve each host, search by IP -------------------------
  print "[+] Carregando lista de sites para resolver ip e buscar mais dominios\n";
  open(my $sites_fh, "<sites.txt") or die "$!\n";
  chomp(my @hosts = <$sites_fh>);
  close($sites_fh);
  $xs = 0;

  &threadnize("dns", @hosts);

  # --- de-duplicate again, this time keeping the count ------------------
  print "\n[+] Removendo sites repetidos\n";
  my $site_total = 0;
  {
      my %seen;
      open(my $in, "<sites.txt") or die "$!\n";
      while (my $host = <$in>) {
          chomp $host;
          next if $seen{$host};
          $seen{$host} = 1;
          $site_total++;
      }
      close($in);

      open(my $out, ">sites.txt") or die "$!\n";
      print {$out} $_ . "\n" for keys %seen;
      close($out);
  }

  print "[+] Total de sites encontrados: $site_total\n";
  print "[+] iniciando bruteforce com 400 threads\n";
  # The thread count passed on is the literal 400, not the <threads> argument.
  system("perl scan.pl sites.txt 400");
  121.  
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128. ######################### SUBS #################################
  129.  
  130.  
  # Worker for the first stage; threadnize starts it by name in each thread.
  # Drains the shared queue: each entry becomes a Bing query, result pages
  # are fetched through GET in steps of 10, and the text of every <cite>
  # element is reduced to a bare host name. Only names made of letters,
  # digits, dots and hyphens are kept. The per-query batch is appended to
  # sites.txt and a progress line is printed.
  # The semaphore serialises the dequeue, the $xs increments and the file
  # append; the HTTP fetches themselves run outside it.
  sub search() {
      while ($q->pending() > 0) {
          $semaphore->down();
          my $term = $q->dequeue;
          $semaphore->up();
          next unless defined $term;

          my %hosts;
          my $limit  = 701;    # initial bound; replaced after every page
          my $offset = 0;
          while ($offset <= $limit) {
              my $page = &GET('http://www.bing.com/search?q=' . $term . '&first=' . $offset . '&FORM=PORE');

              for my $cite ($page =~ m/<cite>(.*?)<\/cite>/g) {
                  my $site = $cite;
                  $site =~ s/<strong>|<\/strong>//g;

                  # Cut at the first slash so only the host part remains.
                  my $slash = index($site, '/');
                  $site = substr($site, 0, $slash) if $slash >= 0;

                  $hosts{$site} = 1 if $site =~ /^[a-zA-Z0-9\.\-]+$/;
              }

              # The highest page number in the pager sets the new bound.
              $limit = 10 * &getmax($page) + 1;
              $offset += 10;
          }

          my $batch = "";
          for my $host (keys %hosts) {
              $batch .= $host . "\n";
              $semaphore->down();
              $xs++;
              $semaphore->up();
          }

          # NOTE(review): the result of open is not checked here.
          $semaphore->down();
          open(my $out, ">>sites.txt");
          print $out $batch;
          close($out);
          print "[+] sites encontrados: [$xs] buscas restantes [" . $q->pending . "] \r";
          $semaphore->up();
      }
  }
  173.  
  174.  
  175.  
  176.  
  177.  
  # Single-query variant of search: takes the query string as its argument
  # instead of pulling it from the queue (dns calls it with "ip:<address>").
  # Pages are fetched through GET in steps of 10, <cite> text is reduced to
  # a host name, names made only of letters, digits, dots and hyphens are
  # kept, and the batch is appended to sites.txt under the semaphore.
  sub search2() {
      my $term = shift;

      my %hosts;
      my $limit  = 701;    # initial bound; replaced after every page
      my $offset = 0;
      while ($offset <= $limit) {
          my $page = &GET('http://www.bing.com/search?q=' . $term . '&first=' . $offset . '&FORM=PORE');

          for my $cite ($page =~ m/<cite>(.*?)<\/cite>/g) {
              my $site = $cite;
              $site =~ s/<strong>|<\/strong>//g;

              # Cut at the first slash so only the host part remains.
              my $slash = index($site, '/');
              $site = substr($site, 0, $slash) if $slash >= 0;

              $hosts{$site} = 1 if $site =~ /^[a-zA-Z0-9\.\-]+$/;
          }

          # The highest page number in the pager sets the new bound.
          $limit = 10 * &getmax($page) + 1;
          $offset += 10;
      }

      my $batch = "";
      for my $host (keys %hosts) {
          $batch .= $host . "\n";
          $semaphore->down();
          $xs++;
          $semaphore->up();
      }

      # NOTE(review): the result of open is not checked here.
      $semaphore->down();
      open(my $out, ">>sites.txt");
      print $out $batch;
      close($out);
      print "[+] sites encontrados: [$xs] buscas restantes [" . $q->pending . "] \r";
      $semaphore->up();
  }
  212.  
  213.  
  214.  
  215.  
  216.  
  217.  
  218.  
  # Returns the number shown by the last pager link found in a result page,
  # or 0 when the page has no such link. Pager links are <li><a> elements
  # whose href starts with /search?q= and whose text is all digits.
  # The empty prototype means callers use the &getmax(...) form.
  sub getmax() {
      my $content = shift;
      my @page_numbers = $content =~ m/<li><a href="\/search\?q=.+">(\d+)<\/a><\/li>/g;
      return @page_numbers ? $page_numbers[-1] : 0;
  }
  227.  
  228.  
  229.  
  # Fills the shared queue with the given items (false values are skipped)
  # and starts worker threads running the sub named by $fun, one at a time,
  # while the queue still holds work and fewer than $max_threads have been
  # started. After a two-second pause it joins every thread it started.
  # $fun is a sub *name*; it is resolved through a symbolic reference.
  sub threadnize() {
      my ($fun, @tests) = @_;
      @_ = ();

      $q->enqueue($_) for grep { $_ } @tests;

      my @workers;
      while ($q->pending() > 0 && @workers < $max_threads) {
          no strict 'refs';
          push @workers, threads->new(\&{$fun});
      }

      sleep(2);
      $_->join() for @workers;
      @workers = ();
  }
  250.  
  251.  
  252.  
  # Fetches one URL and returns, depending on the outcome:
  #   0                 - empty argument, or URL not starting with http(s)://
  #   decoded body      - on a successful response
  #   the string "error"- on HTTP 404
  #   the status code   - on any other response
  # Every request carries the same fixed headers and the same Chrome 16 /
  # Linux User-Agent string, which makes this client's traffic uniform.
  # Responses are capped at 1024000 bytes and the timeout is 15 seconds.
  # NOTE(review): ssl_opts turns hostname verification off, but
  # protocols_allowed admits only 'http', so https URLs that pass the
  # guard are presumably refused by the user agent - confirm.
  sub GET() {
      my $url1 = shift;
      return 0 unless $url1;
      return 0 unless $url1 =~ /^https?:\/\//;

      my $headers = HTTP::Headers->new(
          'Accept'          => "text/html, application/xhtml+xml, application/xml",
          'Accept-Language' => "en-US,en",
          'Accept-Encoding' => "gzip, deflate",
          'Connection'      => "Keep-alive",
          'Keep-Alive'      => 30,
      );

      my $ua = LWP::UserAgent->new(
          agent             => "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7",
          ssl_opts          => { verify_hostname => 0 },
          timeout           => 15,
          max_size          => 1024000,
          protocols_allowed => ['http'],
      );

      my $response = $ua->request(HTTP::Request->new('GET', $url1, $headers));
      return $response->decoded_content if $response->is_success;

      my $code = $response->code;
      return $code == 404 ? "error" : $code;
  }
  284.  
  285.  
  286.  
  # Worker for the second stage; threadnize starts it by name in each thread.
  # Drains the shared queue of host names, resolves each with gethostbyname
  # and formats the first returned address as a dotted quad. When the result
  # is longer than six characters and has four dot-separated digit groups,
  # search2 is called with the query "ip:<address>".
  # The semaphore serialises only the dequeue.
  sub dns() {
      while ($q->pending() > 0) {
          $semaphore->down();
          my $url = $q->dequeue;
          $semaphore->up();

          # Element 4 of gethostbyname's list is the first packed address.
          my $packed = (gethostbyname($url))[4];
          my $ip = join(".", unpack("C4", $packed));

          if (defined($ip) && length($ip) > 6 && $ip =~ /^\d+\.\d+\.\d+\.\d+$/) {
              &search2("ip:$ip");
          }
      }
  }