M4 Scanner

1. #!/Python27/python
2. #M4 SCANNER // By INJ3CTOR_M4
3. import cgi, requests, urllib, re
4. import cgitb; cgitb.enable()
5.  
6. print """Content-type: text/html\n\n
7. <style type="text/css">
8.     * { font-family: Arial; font-size: 12px; }
9.     body { margin: 0px; }
10.     pre { margin: 2px; }
11. </style>
12. <title> M4 SERVER SCANNER </title>
13. <form method="POST">
14. <center>
15. <br /><big><b><font color=black>[+] M4 SERVER SCANNER | By INJ3CTOR_M4 [+] <br />
16. <font color=black>[+] CGI Version [+] </b><br /></big><br />
17. <textarea cols=84 rows=10 name="targets" placeholder='127.0.0.1' /></textarea><br /><br />
18. <select name='scantype'>
19. <option value='Local File Include'>Local File Include</option>
20. <option value='SQL Injection'>SQL Injection</option>
21. <input type=submit value='Start Scan ..' />
22. </form>
23. """
24.  
25. def _Fix(site):
26.     try:
27.         return re.findall('(.*?)?(.*?)=(.*?)', site)[0][1]+'='
28.     except:
29.         pass
30.        
31. def lfi(link):
32.     site = _Fix(link)
33.     try:
34.         if re.search('failed to open stream', requests.get(site+'_m4_').text):
35.             print "<br /><b> %s <font color=green> Vulnerable !</font></b><br />"%(site)
36.         else:
37.             print "<br /><b> %s <font color=red> Not Vulnerable !</font></b><br />"%(link)
38.     except:
39.         pass
40.  
41. def check_sql_inj(link):
42.     try:
43.         data = requests.get(link+'%27').text
44.         if re.search('error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error', data):
45.             print "<br /><b> %s <font color=green> Vulnerable !</font></b><br />"%(link)
46.         else:
47.             print "<br /><b> %s <font color=red> Not Vulnerable !</font></b><br />"%(link)
48.     except:
49.         pass
50.    
51. def Bing(dork):
52.     user_agent = {'User-Agent': 'SamsungI8910/SymbianOS/9.1 Series60/3.0'}
53.     alllinks = []
54.     i=1
55.     while True:
56.         data = requests.get('http://www.bing.com/search?q='+urllib.quote_plus(dork)+'&first='+str(i), headers=user_agent).text
57.         matches = re.findall('<h2 class="sb_h3 cttl"><a href="(.*?)"',data)
58.         for link in matches:
59.             alllinks.append(link)
60.         i+=10
61.         if not re.search('class="sb_pagN"', data):
62.             break
63.        
64.    
65.     return list(set(alllinks))
66.        
67. form = cgi.FieldStorage()
68. if form.has_key("targets"):
69.     targets = form.getvalue("targets").split("\n")
70.     if form.has_key("scantype"):
71.         scantype = form.getvalue("scantype")
72.         if scantype == 'Local File Include':
73.             for ip in targets:
74.                 print '<br /><br /><b>Start Scanning %s ...</b><br /><br />' %(ip)
75.                 dorks = ['.php?action=', '.php?download=', '.php?file=', '.php?f=', '.php?page=', '.php?pg=', '.php?pagina=', '.php?lang=', '.php?language=']
76.                 for dork in dorks:
77.                     for link in Bing('ip:'+ip+' '+dork):
78.                         lfi(link)
79.         elif scantype == 'SQL Injection':
80.             for ip in targets:
81.                 print '<br /><br /><b>Start Scanning %s ...</b><br /><br />' %(ip)
82.                 dorks = ['?id=', '.php?id=', '.php?category=', '.php?cat=', '.php?article_id=', '.php?product_id=', '?attachment_id=']
83.                 for dork in dorks:
84.                     for link in Bing('ip:'+ip+' '+dork):
85.                         check_sql_inj(link)