1337scan v0.4 (Modified Edition)

1. <!--
2. ########################################################################
3. # Script : 1337 Multiple CMS Scaner Online v0.4 ( Modified Edition Wink
4. # Author : AlternatorIWnet@Shahril
5. # Original Author : KedAns-Dz ( ked-h [ at ] hotmail [ dot ] com Wink
6. # Author HomePage : www.1337day.com
7. # What Change ?! :-
8. #    - Better Reverse IP method
9. #    - Replace File_Get_Contents with cURL
10. #    - Change Style  Wink
11. #       - Change PacketStormSecurity to Exploit-DB  Big Grin
12. #    - Remove Some Un-Expected Result (maybe have some more)
13. # Greets to : Dz Offenders Cr3W - Algerian Cyber Army - Inj3ct0r Team - TBD Security
14. #########################################################################
15.  
16. // Script Functions , start ..!
17. -->
18. <html>
19. <head>
20. <meta http-equiv="Content-Language" content="fr">
21. <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
22. <title>1337 Multiple CMS Scaner Online v0.4 (0!IIIV) by KedAns-Dz ( Modified by AlternatorIWnet )</title>
23. <meta content="KedAns-Dz , Inj3ct0r Team , 1337 Multiple CMS Scaner Online, AltenatorIWnet" name="description">
24. <link href="http://209.217.227.77/~forumant/favicon.ico" type="image/x-icon" rel="shortcut icon" />
25. <style>
26. @import url(http://fonts.googleapis.com/css?family=Fredoka+One);@import url(http://fonts.googleapis.com/css?family=A...ff; }
27. </style>
28.  
29. </head>
30.  
31. <body>
32.  
33. <p align="center">&nbsp;</p>
34. <p align="center">&nbsp;</p>
35. <p align="center">&nbsp;</p>
36. <p align="center"><font size="4">1337 Multiple CMS Scaner Online v0.4 (0!IIIV) | T0olKit By : KedAns-Dz </font></p><br><p align="center"><font size="4">( Modified by AltenatorIWnet )</font></p><br>
37. <form method="POST">
38. <p align="center"><input type="text" name="site" size="65" value=""><input type="submit" value="Scan.."></p>
39. </form><center>
40. <?php
41. @set_time_limit(0);
42. @error_reporting(0);
43.  
44. /* Use Curl to replace file_get_contents */
45. function getdata($url){
46.     $ch = curl_init($url);
47.     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
48.     $data = curl_exec ($ch);
49.     curl_close ($ch);
50.     return $data;
51. }
52.  
53. /* Check Exploit At Exploit-DB */
54. function check_exploit($cpmxx){
55.     $link = "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=".$cpmxx."&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";
56.     $result = @getdata("$link");
57.     if (strpos($result, "No results") != FALSE)
58.     {
59.         echo"<td>Not Found</td><td><a href='http://www.google.com/#hl=en&q=download+$cpmxx'>Download</a></td></tr>";
60.     }else{
61.         echo"<td><a href='$link'>Found</a></td><td><=</td></tr>";
62.     }
63. }
64.  
65.  
66. /* Joomla Conf */
67. function check_com($url){
68.     $source = @getdata("http://$url/");
69.     preg_match_all('{option,(.*?)/}i',$source,$f);
70.     preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
71.     preg_match_all('{/components/(.*?)/}i',$source,$f3);
72.     $arz=array_merge($f2[1],$f[1],$f3[1]);
73.     $coms=array();
74.     if(count($arz)==0){ echo "<tr><td colspan=3>[ Joomla ] ...Nothing Found !</td></tr>";}
75.     foreach(array_unique($arz) as $x){
76.         $coms[]=$x;
77.     }
78.     foreach($coms as $comm){
79.         if(strlen($comm) < 40) {
80.             echo "<tr><td>$comm</td>";
81.             check_exploit($comm);
82.         }
83.     }
84. }
85.  
86. /* WordPress Conf */
87. function get_plugins($url){
88.     $source = @getdata("http://$url/");
89.     preg_match_all("#/plugins/(.*?)/#i", $source, $f);
90.     $arz=array_unique($f[1]);
91.     if(count($arz)==0){
92.         echo "<tr><td colspan=3>[ Wordpress ] ...Nothing Found !</td></tr>";
93.     }
94.     foreach($arz as $plugin){
95.         if(strlen($plugin) < 40) {
96.             echo "<tr><td>$plugin</td>";
97.             check_exploit($plugin);
98.         }
99.     }
100. }
101.  
102. /* Nuke's Conf */
103. function get_numod($url){
104.     $source = @getdata("http://$url/");
105.     preg_match_all('{?name=(.*?)/}i',$source,$f);
106.     preg_match_all('{?name=(.*?)(&amp;|&|l_op=")}i',$source,$f2);
107.     preg_match_all('{/modules/(.*?)/}i',$source,$f3);
108.     $arz=array_merge($f2[1],$f[1],$f3[1]);
109.     $cpm=array();
110.     if(count($arz)==0){
111.         echo "<tr><td colspan=3>[ Nuke's ] ...Nothing Found !</td></tr>";
112.     }
113.     foreach(array_unique($arz) as $x){
114.         $cpm[]=$x;
115.     }
116.     foreach($cpm as $nmod){
117.         if(strlen($nmod) < 40) {
118.             echo "<tr><td>$nmod</td>";
119.             check_exploit($nmod);
120.         }
121.     }
122. }
123.  
124. /* Xoops Conf */
125. function get_xoomod($url){
126.     $source = @getdata("http://$url/");
127.     preg_match_all('{/modules/(.*?)/}i',$source,$f);
128.     $arz=array_merge($f[1]);
129.     $cpm=array();
130.     if(count($arz)==0){
131.         echo "<tr><td colspan=3>[ Xoops ] ...Nothing Found !</td></tr>";
132.     }
133.     foreach(array_unique($arz) as $x){
134.         $cpm[]=$x;
135.     }
136.     foreach($cpm as $xmod){
137.         if(strlen($xmod) < 40) {
138.             echo "<tr><td>$xmod</td>";
139.             check_exploit($xmod);
140.         }
141.     }
142. }
143.  
144. /**************************************************************/
145.  
146. if(!isset($_POST['site'])) { $credit = credit();die("<br><br>$credit"); }
147.  
148. function findit($mytext,$starttag,$endtag) {
149.     $posLeft  = @stripos($mytext,$starttag)+strlen($starttag);
150.     $posRight = @stripos($mytext,$endtag,$posLeft+1);
151.     return  @substr($mytext,$posLeft,$posRight-$posLeft);
152.     flush();
153. }
154.  
155. function CleanAndClear($site) {
156.     $output = strtolower($site);
157.     $aaa = array("http://" ,"/" ,"www.");
158.     foreach($aaa as $aa1) {
159.         if (strpos($output, "$aa1") != FALSE) {
160.             $output = (str_replace("$aa1", "", $output));
161.         }
162.     }
163.     return $output;
164. }
165.  
166. function reverse_ip($site){
167.     $getip = @file_get_contents("http://networktools.nl/reverseip/$site");
168.     $ipss    = @findit($getip,'<pre>','</pre>');
169.     return $ipss;
170.     flush();
171. }
172.  
173. function clean_array($site){
174.     $ipp = "<b>".gethostbyname(CleanAndClear($site))."</b>";
175.     $reverse = reverse_ip(CleanAndClear($site));
176.     $clean_string = CleanAndClear(str_replace("\n", " ", str_replace("Domains on $ipp: ", "", $reverse)));
177.     $clean_array = array_filter(explode(" ", trim(str_replace("  ","",$clean_string))));
178.     return $clean_array;
179. }
180.  
181. $start_array = clean_array($_POST['site']);
182.            
183. echo'<table border="1"  width=\"80%\" align=\"center\">
184. <tr><td width=\"30%\"><b>Server IP&nbsp;&nbsp;&nbsp;&nbsp; : </b></td><td><b>'.gethostbyname(CleanAndClear($_POST['site'])).'</b></td></tr>            
185. <tr><td width=\"30%\"><b>Sites Found&nbsp; : </b></td><td><b>'.count($start_array).'</b></td></tr>
186. </table>';
187.  
188. echo "<br><br>";
189. echo'<table border="1" width="80%" align=\"center\">';
190.  
191. foreach($start_array as $h3h3){
192.     echo'<tr id=new><td><b><a href=http://'.$h3h3.'/>'.$h3h3.'</a></b></td><td><b>Exploit-DB</b></td><td><b>Challenge of Exploiting ..!</b></td></tr>';
193.     check_com($h3h3);
194.     get_plugins($h3h3);
195.     get_numod($h3h3);
196.     get_xoomod($h3h3);
197. }
198.  
199. echo"</table>";
200.  
201. function credit(){
202.     echo "</center>
203.    <br><p align=\"center\">
204.    Coded By : <a href='http://facebook.com/KedAns'>KedAns-Dz</a> | Modified by <b>AltenatorIWnet</b> | <a href='http://1337day.com/'>Inj3ct0r 1337day Exploit Database</a><br>
205.    Made in Algeria | CopyCenter (^.^) 2o12
206.    </p>
207.    </body>
208.    </html>";
209. }
210. ?>
211. <!-- ' Thanks to KedAns-Dz Lagripe-Dz aNd K!LLer-Dz'-->