Joomla Vulnerability Scanner by ShinChan

1. <?php
2. # ShinChan - N45HT - N45HT.WEB.ID
3. # fb.com/angelia.put - fb.com/ShinChan.admin - fb.com/N45HTOfficial - fb.com/groups/N45HTOfficial
4. # shinchan0x1945@gmail.com
5.  
6. # Joomla Vulnerability Scanner - coded by ShinChan | copyright ShinChan@2017#
7.  
8. echo "
9.  ___  _  _  __  _  _  __  _  _   __   _  _     _    _  ____  ___
10. / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( )   ( \/\/ )(_  _)(  _)
11. \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (  ___\    /   )(   ) _)
12. (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/   (__) (_)  
13.        Joomla Vulnerability Scanner - coded by ShinChan
14.  
15.     Thanks to :  PETR03X - Comod0x - SCYTHE404_LOL - Grav3
16.                        All Members N45HT
17.  
18.  
19. ";
20. echo "Input your target (ex:victim.com) : ";
21. $target = trim(fgets(STDIN));
22. $totalvuln = "0";
23. $totalnotvuln = "0";
24.  
25. if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
26.     $targets = "http://$target";
27. }else{
28.     $targets = $target;
29. }
30.  
31. echo "\n[~] Scanning => $targets";
32.  
33. /* Exploit COM SEXY - ShinChan - N45HT */
34. echo "\n\n[+] Testing Exploit COM_SEXY";
35. $urlsexy = "$targets/components/com_sexycontactform/fileupload/index.php";
36. $curlsexy = curl_init();
37. curl_setopt($curlsexy, CURLOPT_URL, $urlsexy);
38. curl_setopt($curlsexy, CURLOPT_FOLLOWLOCATION, 1);
39. curl_setopt($curlsexy, CURLOPT_RETURNTRANSFER, 1);
40. $response = curl_exec($curlsexy);
41. $httpCode = curl_getinfo($curlsexy, CURLINFO_HTTP_CODE);
42. curl_close($curlsexy);
43. if($httpCode == 200){
44.     echo "\n    > Result : 200 ok";
45.     echo "\n    > Exploit : COM_SEXY";
46.     echo "\n    > Tutorial : http://yobuilder.com/8uWs\n";
47.     $totalvuln = $totalvuln + 1;
48. }else{
49.     echo "\n    > Result : 404";
50.     echo "\n    > Not Vulnerable";
51.     $totalnotvuln = $totalnotvuln + 1;
52. }
53. /* Exploit COM SEXY - ShinChan - N45HT */
54.  
55. /* Exploit COM jDownloads - ShinChan - N45HT */
56. echo "\n\n[+] Testing Exploit COM_jDownloads";
57. $urljdownloads = "$targets/index.php?option=com_jdownloads&Itemid=1&view=upload";
58. $curljdownloads = curl_init();
59. curl_setopt($curljdownloads, CURLOPT_URL, $urljdownloads);
60. curl_setopt($curljdownloads, CURLOPT_FOLLOWLOCATION, 1);
61. curl_setopt($curljdownloads, CURLOPT_RETURNTRANSFER, 1);
62. $response = curl_exec($curljdownloads);
63. $httpCode = curl_getinfo($curljdownloads, CURLINFO_HTTP_CODE);
64. curl_close($curljdownloads);
65. if($httpCode == 200){
66.     echo "\n    > Result : 200 ok";
67.     echo "\n    > Exploit : COM_jDownloads";
68.     echo "\n    > Tutorial : http://yobuilder.com/8tlO\n";
69.     $totalvuln = $totalvuln + 1;
70. }else{
71.     echo "\n    > Result : 404";
72.     echo "\n    > Not Vulnerable";
73.     $totalnotvuln = $totalnotvuln + 1;
74. }
75. /* Exploit COM jDownloads - ShinChan - N45HT */
76.  
77. /* Exploit COM MEDIA - ShinChan - N45HT */
78. echo "\n\n[+] Testing Exploit COM_MEDIA";
79. $urlmedia = "$targets/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=";
80. $curlmedia = curl_init();
81. curl_setopt($curlmedia, CURLOPT_URL, $urlmedia);
82. curl_setopt($curlmedia, CURLOPT_FOLLOWLOCATION, 1);
83. curl_setopt($curlmedia, CURLOPT_RETURNTRANSFER, 1);
84. $response = curl_exec($curlmedia);
85. $httpCode = curl_getinfo($curlmedia, CURLINFO_HTTP_CODE);
86. curl_close($curlmedia);
87. if($httpCode == 200){
88.     echo "\n    > Result : 200 ok";
89.     echo "\n    > Exploit : COM_MEDIA";
90.     echo "\n    > Tutorial : http://yobuilder.com/8uUU\n";
91.     $totalvuln = $totalvuln + 1;
92. }else{
93.     echo "\n    > Result : 404";
94.     echo "\n    > Not Vulnerable";
95.     $totalnotvuln = $totalnotvuln + 1;
96. }
97. /* Exploit COM MEDIA - ShinChan - N45HT */
98.  
99. /* Exploit COM Jfuploader - ShinChan - N45HT */
100. echo "\n\n[+] Testing Exploit COM_Jfuploader";
101. $urljfuploader = "$targets/index.php?option=com_jfuploader&Itemid=1";
102. $curljfuploader = curl_init();
103. curl_setopt($curljfuploader, CURLOPT_URL, $urljfuploader);
104. curl_setopt($curljfuploader, CURLOPT_FOLLOWLOCATION, 1);
105. curl_setopt($curljfuploader, CURLOPT_RETURNTRANSFER, 1);
106. $response = curl_exec($curljfuploader);
107. $httpCode = curl_getinfo($curljfuploader, CURLINFO_HTTP_CODE);
108. curl_close($curljfuploader);
109. if($httpCode == 200){
110.     echo "\n    > Result : 200 ok";
111.     echo "\n    > Exploit : COM_Jfuploader";
112.     echo "\n    > Tutorial : http://yobuilder.com/8uBj\n";
113.     $totalvuln = $totalvuln + 1;
114. }else{
115.     echo "\n    > Result : 404";
116.     echo "\n    > Not Vulnerable";
117.     $totalnotvuln = $totalnotvuln + 1;
118. }
119. /* Exploit COM Jfuploader - ShinChan - N45HT */
120.  
121. /* Exploit COM USERS - ShinChan - N45HT */
122. echo "\n\n[+] Testing Exploit COM_USERS";
123. $urlusers = "$targets/index.php?option=com_users&view=registration";
124. $curlusers = curl_init();
125. curl_setopt($curlusers, CURLOPT_URL, $urlusers);
126. curl_setopt($curlusers, CURLOPT_FOLLOWLOCATION, 1);
127. curl_setopt($curlusers, CURLOPT_RETURNTRANSFER, 1);
128. $response = curl_exec($curlusers);
129. $httpCode = curl_getinfo($curlusers, CURLINFO_HTTP_CODE);
130. curl_close($curlusers);
131. if($httpCode == 200){
132.     echo "\n    > Result : 200 ok";
133.     echo "\n    > Exploit : COM_USERS";
134.     echo "\n    > Tutorial : http://yobuilder.com/94tM\n";
135.     $totalvuln = $totalvuln + 1;
136. }else{
137.     echo "\n    > Result : 404";
138.     echo "\n    > Not Vulnerable";
139.     $totalnotvuln = $totalnotvuln + 1;
140. }
141. /* Exploit COM USERS - ShinChan - N45HT */
142.  
143. /* Exploit COM KSAdvertiser - ShinChan - N45HT */
144. echo "\n\n[+] Testing Exploit COM_KSAdvertiser";
145. $urlksadviser = "$targets/index.php?option=com_user&view=login";
146. $curlksadviser = curl_init();
147. curl_setopt($curlksadviser, CURLOPT_URL, $urlksadviser);
148. curl_setopt($curlksadviser, CURLOPT_FOLLOWLOCATION, 1);
149. curl_setopt($curlksadviser, CURLOPT_RETURNTRANSFER, 1);
150. $response = curl_exec($curlksadviser);
151. $httpCode = curl_getinfo($curlksadviser, CURLINFO_HTTP_CODE);
152. curl_close($curlksadviser);
153. if($httpCode == 200){
154.     echo "\n    > Result : 200 ok";
155.     echo "\n    > Exploit : COM_KSAdvertiser";
156.     echo "\n    > Tutorial : http://yobuilder.com/8uHb\n";
157.     $totalvuln = $totalvuln + 1;
158. }else{
159.     echo "\n    > Result : 404";
160.     echo "\n    > Not Vulnerable";
161.     $totalnotvuln = $totalnotvuln + 1;
162. }
163. /* Exploit COM KSAdvertiser - ShinChan - N45HT */
164.  
165. /* Exploit COM OSProperty - ShinChan - N45HT */
166. echo "\n\n[+] Testing Exploit COM_OSProperty";
167. $urlosproperty = "$targets/component/osproperty/?task=agent_register";
168. $curlosproperty = curl_init();
169. curl_setopt($curlosproperty, CURLOPT_URL, $urlosproperty);
170. curl_setopt($curlosproperty, CURLOPT_FOLLOWLOCATION, 1);
171. curl_setopt($curlosproperty, CURLOPT_RETURNTRANSFER, 1);
172. $response = curl_exec($curlosproperty);
173. $httpCode = curl_getinfo($curlosproperty, CURLINFO_HTTP_CODE);
174. curl_close($curlosproperty);
175. if($httpCode == 200){
176.     echo "\n    > Result : 200 ok";
177.     echo "\n    > Exploit : COM_OSProperty";
178.     echo "\n    > Tutorial : http://yobuilder.com/8uNE\n";
179.     $totalvuln = $totalvuln + 1;
180. }else{
181.     echo "\n    > Result : 404";
182.     echo "\n    > Not Vulnerable";
183.     $totalnotvuln = $totalnotvuln + 1;
184. }
185. /* Exploit COM OSProperty - ShinChan - N45HT */
186.  
187. /* Exploit COM FABRIK - ShinChan - N45HT */
188. echo "\n\n[+] Testing Exploit COM_FABRIK";
189. $urlfabrik = "$targets/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1";
190. $curlfabrik = curl_init();
191. curl_setopt($curlfabrik, CURLOPT_URL, $urlfabrik);
192. curl_setopt($curlfabrik, CURLOPT_FOLLOWLOCATION, 1);
193. curl_setopt($curlfabrik, CURLOPT_RETURNTRANSFER, 1);
194. $response = curl_exec($curlfabrik);
195. $httpCode = curl_getinfo($curlfabrik, CURLINFO_HTTP_CODE);
196. curl_close($curlfabrik);
197. if($httpCode == 200){
198.     echo "\n    > Result : 200 ok";
199.     echo "\n    > Exploit : COM_FABRIK";
200.     echo "\n    > Tutorial : http://yobuilder.com/94tM\n";
201.     $totalvuln = $totalvuln + 1;
202. }else{
203.     echo "\n    > Result : 404";
204.     echo "\n    > Not Vulnerable";
205.     $totalnotvuln = $totalnotvuln + 1;
206. }
207. /* Exploit COM FABRIK - ShinChan - N45HT */
208.  
209. /* Exploit COM Collector - ShinChan - N45HT */
210. echo "\n\n[+] Testing Exploit COM_Collector";
211. $urlcollector = "$targets/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1";
212. $curlcollector = curl_init();
213. curl_setopt($curlcollector, CURLOPT_URL, $urlcollector);
214. curl_setopt($curlcollector, CURLOPT_FOLLOWLOCATION, 1);
215. curl_setopt($curlcollector, CURLOPT_RETURNTRANSFER, 1);
216. $response = curl_exec($curlcollector);
217. $httpCode = curl_getinfo($curlcollector, CURLINFO_HTTP_CODE);
218. curl_close($curlcollector);
219. if($httpCode == 200){
220.     echo "\n    > Result : 200 ok";
221.     echo "\n    > Exploit : COM_Collector";
222.     echo "\n    > Tutorial : http://yobuilder.com/8uP0\n";
223.     $totalvuln = $totalvuln + 1;
224. }else{
225.     echo "\n    > Result : 404";
226.     echo "\n    > Not Vulnerable";
227.     $totalnotvuln = $totalnotvuln + 1;
228. }
229. /* Exploit COM Collector - ShinChan - N45HT */
230.  
231. echo "\n\n [x] Result :";
232. echo "\n    [~] Total Vulnerability = $totalvuln";
233. echo "\n    [~] Total Not Vulnerability = $totalnotvuln\n\n";
234. ?>