<?php
ini_set('display_errors', 0);
ini_set('log_errors', 0);
echo "
______ _ __ __
| ____| | | \ \ / /
_ __| |__ __| | \ V /
| '__| __| / _` | > <
| | | |___| (_| | / . \
|_| |______\__,_| /_/ \_\
[*]-----------------------------------------------------------------------[*]
[+] Script Name : Joomla JCE Server Scanner
[+] Use : php $_SERVER[PHP_SELF]
[*]-----------------------------------------------------------------------[*]
";
$a = true;
while($a){
echo "[*] Server IP -> ";
$ip = trim(fgets(STDIN,1024));
if(!checkIP($ip)){
echo "\n[~] Error. Please Set A Valid IP.\n\n";
}else{
$a = false;
}
}
echo "\n";
$fp = fopen('jce-results.txt','a+');
fwrite($fp,"[*]-----------------------------------------------------------------------[*]
rEd X
[*]-----------------------------------------------------------------------[*]
[+] Script Name : Joomla JCE Server Scanner
[+] Version : 1.0
[+] Programed By : G-B
[+] Email : g22b@hotmail.com
[+] Result For : $ip
[*]-----------------------------------------------------------------------[*]
");
$dork = urlencode("ip:$ip index.php?option=com_");
$pages = pages($dork);
$scanaed = array();
for($i=1;$i<=$pages;$i=$i+10){
$src = send("http://www.bing.com/search?q=$dork&first=$i");
preg_match_all('/<cite>(.*?)<strong>/',$src,$matches);
$sites = $matches[1];
foreach($sites as $site){
$sitet = trim(str_replace('www.','',str_replace('/','',$site)));
if(eregi('<',$sitet) || eregi('\?',$sitet)) continue;
if(in_array($sitet,$scanaed)) continue;
$scanaed[] = $sitet;
echo "[~] check [ $site ] : ";
$header = get_headers("http://$site/components/com_jce/index.html");
if(eregi('404',$header[0])){
echo "No.\n";
}else{
echo "Yes.\n";
fwrite($fp,"http://$site
");
}
}
}
fclose($fp);
function send($url,$post=false,$ref=false,$follow=false){
$cookies = getcwd().'/cookies';
$header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
$header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
$header[] = "Cache-Control: max-age=0";
$header[] = "Connection: keep-alive";
$header[] = "Keep-Alive: 300";
$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3";
$header[] = "Accept-Language: en-US,en;q=0.8 ";
$header[] = "Pragma: ";
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,false);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch,CURLOPT_COOKIEFILE,$cookies);
curl_setopt($ch,CURLOPT_COOKIEJAR,$cookies);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; rv:17.0) Gecko/20100101 Firefox/17.0');
if($post){
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
}
if($follow) curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
if($ref) curl_setopt($ch,CURLOPT_REFERER,$ref);
$return = curl_exec($ch);
curl_close($ch);
unlink($cookies);
return $return;
}
function pages($dork){
$src = send("http://www.bing.com/search?q=$dork&go=&qs=n&sk=&filt=all&first=199&FORM=PERE3");
$ex = explode('<span class="sb_count" id="count">',$src);
$ex = explode('-',$ex['1']);
return $ex[0];
}
function checkIP( $ip )
{
if( !empty( $ip ) && ip2long( $ip ) != 0 - 1 && ip2long( $ip ) != false )
{
$private_ips = array(
array( "0.0.0.0", "2.255.255.255" ),
array( "10.0.0.0", "10.255.255.255" ),
array( "127.0.0.0", "127.255.255.255" ),
array( "169.254.0.0", "169.254.255.255" ),
array( "172.16.0.0", "172.31.255.255" ),
array( "192.0.2.0", "192.0.2.255" ),
array( "192.168.0.0", "192.168.255.255" ),
array( "255.255.255.0", "255.255.255.255" )
);
foreach( $private_ips as $r )
{
$min = ip2long( $r[0] );
$max = ip2long( $r[1] );
if( $min <= ip2long( $ip ) && ip2long( $ip ) <= $max )
{
return false;
}
}
return true;
}
return false;
}
?>