JCE Google Harvester

1. <?php
2. echo "
3. _____            _ _      _     _                  
4. | ____|_ __   ___(_) | __ | |   (_)_ __  _   ___  __
5. |  _| | '_ \ / __| | |/ / | |   | | '_ \| | | \ \/ /
6. | |___| | | | (__| |   <  | |___| | | | | |_| |>  <
7. |_____|_| |_|\___|_|_|\_\ |_____|_|_| |_|\__,_/_/\_\
8.        
9. [*]-----------------------------------------------------------------------[*]
10. [+] Script Name          : Joomla JCE Dork Scanner
11. [+] Version              : 0.1
12. [+] Programed By         : G-B
13. [+] Made By              : Encik Linux
14. [+] Email                : [email protected] , [email protected]
15. [+] Use                  : php $_SERVER[PHP_SELF]
16. [+]
17. [+]                        Ini~ Semua!~ Poyo!
18. [+]
19. [+]-----------------------------------------------------------------------[+]
20. |            Tidak Semua Vulnerable Site Vulnerable (:                    |
21. |      Priv8 \!/ Priv8 \!/ Priv8 \!/ Priv8 \!/ Priv8 \!/ Priv8 \!/        |
22. [+]-----------------------------------------------------------------------[+]
23. ";
24. $a = true;
25. while($a){
26.     echo "[*] Masukkan Dork  -> ";
27.     $ip = trim(fgets(STDIN,1024));
28.     if(!checkIP($ip)){
29.         echo "\n[~] IP Biar benor sikit noh.\n\n";
30.     }else{
31.         $a = false;
32.     }
33. }
34. echo "\n";
35. $fp = fopen('jce-results.txt','a+');
36. fwrite($fp,"[*]-----------------------------------------------------------------------[*]
37. _____            _ _      _     _                  
38. | ____|_ __   ___(_) | __ | |   (_)_ __  _   ___  __
39. |  _| | '_ \ / __| | |/ / | |   | | '_ \| | | \ \/ /
40. | |___| | | | (__| |   <  | |___| | | | | |_| |>  <
41. |_____|_| |_|\___|_|_|\_\ |_____|_|_| |_|\__,_/_/\_\
42.        
43. [*]-----------------------------------------------------------------------[*]
44. [+] Script Name          : Joomla JCE Dork Scaner
45. [+] Version              : 0.1
46. [+] Programed By         : G-B
47. [+] Made By              : Encik Linux
48. [+] Email                : [email protected]
49. [+] Result For           : $ip
50. [*]-----------------------------------------------------------------------[*]
51.  
52. ");
53. $dork = urlencode("$ip");
54. $pages = pages($dork);
55. $scanaed = array();
56. for($i=1;$i<=$pages;$i=$i+10){
57.     $src = send("http://www.bing.com/search?q=$dork&first=$i");
58.     preg_match_all('/<cite>(.*?)<strong>/',$src,$matches);
59.     $sites = $matches[1];
60.     foreach($sites as $site){
61.         $sitet = trim(str_replace('www.','',str_replace('/','',$site)));
62.         if(eregi('<',$sitet) || eregi('\?',$sitet)) continue;
63.         if(in_array($sitet,$scanaed)) continue;
64.             $scanaed[] = $sitet;
65.             echo "[~] check [ $site ] : ";
66.             $header = get_headers("http://$site/components/com_jce/");
67.             if(eregi('404',$header[0])){
68.                 echo "No.\n";
69.             }else{
70.                 echo "Yes.\n";
71.                 fwrite($fp,"http://$site
72. ");
73.             }
74.     }
75. }
76.  
77. fclose($fp);
78.  
79. function send($url,$post=false,$ref=false,$follow=false){
80.     $cookies = getcwd().'/cookies';
81.     $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
82.     $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
83.     $header[] = "Cache-Control: max-age=0";
84.     $header[] = "Connection: keep-alive";
85.     $header[] = "Keep-Alive: 300";
86.     $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3";
87.     $header[] = "Accept-Language: en-US,en;q=0.8 ";
88.     $header[] = "Pragma: ";
89.     $ch = curl_init();
90.     curl_setopt($ch,CURLOPT_URL,$url);
91.     curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,false);
92.     curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);
93.     curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
94.     curl_setopt($ch,CURLOPT_COOKIEFILE,$cookies);
95.     curl_setopt($ch,CURLOPT_COOKIEJAR,$cookies);
96.     curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
97.     curl_setopt($ch,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2; rv:17.0) Gecko/20100101 Firefox/17.0');
98.     if($post){
99.         curl_setopt($ch,CURLOPT_POST,true);
100.         curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
101.     }
102.     if($follow) curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
103.     if($ref) curl_setopt($ch,CURLOPT_REFERER,$ref);
104.     $return = curl_exec($ch);
105.     curl_close($ch);
106.     unlink($cookies);
107.     return $return;
108. }
109. function pages($dork){
110.     $src = send("http://www.bing.com/search?q=$dork&go=&qs=n&sk=&filt=all&first=199&FORM=PERE3");
111.     $ex = explode('<span class="sb_count" id="count">',$src);
112.     $ex = explode('-',$ex['1']);
113.     return $ex[0];
114. }
115. function checkIP( $ip )
116. {
117.     if( !empty( $ip ) && ip2long( $ip ) != 0 - 1 && ip2long( $ip ) != false )
118.     {
119.         $private_ips = array(
120.             array( "0.0.0.0", "2.255.255.255" ),
121.             array( "10.0.0.0", "10.255.255.255" ),
122.             array( "127.0.0.0", "127.255.255.255" ),
123.             array( "169.254.0.0", "169.254.255.255" ),
124.             array( "172.16.0.0", "172.31.255.255" ),
125.             array( "192.0.2.0", "192.0.2.255" ),
126.             array( "192.168.0.0", "192.168.255.255" ),
127.             array( "255.255.255.0", "255.255.255.255" )
128.         );
129.         foreach( $private_ips as $r )
130.         {
131.             $min = ip2long( $r[0] );
132.             $max = ip2long( $r[1] );
133.             if( $min <= ip2long( $ip ) && ip2long( $ip ) <= $max )
134.             {
135.                 return false;
136.             }
137.         }
138.         return true;
139.     }
140.     return true;
141. }
142. ?>