xGHOSTSECx

Can You Even Curl Bro

Dec 25th, 2023
#             CanYouEvenCurlBro.sh

#   Advanced Persistent Attack Web Reconnaissance Tool

#   CanYouEvenCurlBro.sh, ingeniously crafted by Michael Errington of GhostSec, stands at the forefront of advanced persistent attack tools. Specifically designed for web reconnaissance, this tool utilizes intricate curl commands to systematically uncover an array of website issues. Its distinguishing feature lies in its ability to conduct scans that often go undetected due to the contemporary and stealthy use of curl.

#   Operational Framework

#   1. Targeted Domain Definition. The script commences operations by precisely defining a target domain, exemplified by "https://example.com."

#   2. Sophisticated Search Queries (Dorks). Armed with an extensive array of dorks, the script crafts dynamic search queries, strategically targeting vulnerabilities. These queries include patterns associated with admin panels, login interfaces, and prevalent CMS platforms.

#   3. Stealthy Scanning Function. At its core, the script employs a dynamic `scan_url` function. Leveraging intricate curl commands, it inspects HTTP response codes, discreetly identifying potential vulnerabilities ("Found") without triggering conventional flags.

#   4. Automated Iterative Scanning. The script systematically cycles through the array of dorks, merging them with the target domain. It submits each resulting URL to the scrutiny of the `scan_url` function, executing stealthy scans within the target environment.

#   Strategic Applications in Advanced Persistent Attacks

#   1. Covert Security Audits. Positioned as a tool of choice for advanced persistent attackers engaged in covert security audits. It efficiently identifies vulnerabilities for exploitation while minimizing detection.

#   2. Subtle Penetration Testing. Empowers attackers with subtle penetration testing capabilities, allowing for the identification of entry points and potential exploits without raising suspicion.

#   3. Persistent Vulnerability Assessment. Facilitates persistent vulnerability assessments, discreetly uncovering misconfigurations and exposed admin interfaces over an extended period.

#   4. Undercover Educational Exploits. Valuable for educational purposes, demonstrating the efficacy of covert reconnaissance techniques in understanding the critical importance of securing web applications against advanced persistent threats.

#   CanYouEvenCurlBro.sh emerges as a tool tailored for advanced persistent attacks, employing a stealthy approach to web reconnaissance. Its capacity to conduct scans without conventional detection mechanisms makes it a formidable asset for attackers navigating the intricacies of web application vulnerabilities. Awareness of its advanced capabilities is crucial for defenders and security practitioners to fortify against sophisticated threats in the digital landscape.

#!/bin/bash

# Define the target domain
target_domain="https://example.com"

# List of dorks
dorks=(
    "inurl:/admin"
    "inurl:/login"
    "inurl:/administrator"
    "inurl:/adminLogin"
    "inurl:/adminPanel"
    "intitle:\"phpMyAdmin\""
    "intitle:\"Admin Login\""
    "intitle:\"Admin Panel\""
    "intitle:\"Login\""
    "intext:\"Powered by PHPMyAdmin\""
    "intext:\"Admin Login\""
    "intext:\"Admin Panel\""
    "intext:\"Login\""
    "intext:\"Powered by phpMyAdmin\""
    "inurl:/wp-admin"
    "inurl:/wp-login"
    "intitle:\"WordPress Login\""
    "inurl:/drupal"
    "intext:\"Powered by Drupal\""
    "inurl:/joomla"
    "intext:\"Powered by Joomla\""
    "inurl:/phpmyadmin"
    "inurl:/dbadmin"
    "inurl:/myadmin"
    "inurl:/phpMyAdmin2"
    "inurl:/phpMyAdmin3"
    "intext:\"Welcome to phpMyAdmin\""
    "intext:\"Welcome to phpMyAdmin 2\""
    "intext:\"Welcome to phpMyAdmin 3\""
    "inurl:/webadmin"
    "inurl:/siteadmin"
    "inurl:/phpmyadmin2"
    "inurl:/phpmyadmin3"
    "inurl:/phpmyadmin4"
    "intext:\"Administer your database\""
    "intext:\"Database management system\""
    "intext:\"MySQL administrator\""
    "intext:\"phpMyAdmin login\""
    "intext:\"Control Panel\""
    "inurl:/controlpanel"
    "intext:\"cPanel Login\""
    "inurl:/phpmyadmin/index.php"
    "intext:\"phpMyAdmin setup\""
    "intext:\"phpMyAdmin username\""
    "intext:\"phpMyAdmin password\""
    "intext:\"phpMyAdmin hostname\""
    "inurl:/phpmyadmin/config.inc.php"
    "intext:\"config file\" ext:txt"
    "inext:\"root@localhost\" intext:\"phpMyAdmin\""
    "inurl:/administrator/index.php"
    "inurl:/admin1.php"
    "inurl:/admin1.html"
    "inurl:/login.php"
    "inurl:/login.html"
    "inurl:/login.aspx"
    "inurl:/siteadmin/index.php"
    "inurl:/siteadmin"
    "inurl:/siteadmin/login.asp"
    "inurl:/admin/controlpanel.asp"
    "inurl:/admin/login.asp"
    "inurl:/admin/index.asp"
    "inurl:/user/login"
    "inurl:/users/login"
    "inurl:/adminarea"
    "inurl:/bb-admin"
    "inurl:/wp-admin"
    "inurl:/wp-login"
    "inurl:/wp-login.php"
    "inurl:/bb-admin/login"
    "inurl:/bb-admin/admin"
    "inurl:/bb-admin/admin.html"
    "inurl:/bb-admin/admin.php"
    "inurl:/administrator/index.html"
    "inurl:/administrator/index.php"
    "inurl:/administrator/login"
    "inurl:/admin/cp.php"
    "inurl:/admin/index.html"
    "inurl:/admin/index.php"
    "inurl:/admin/admin.html"
    "inurl:/admin/admin.php"
    "inurl:/login/login.html"
    "inurl:/login/login.php"
    "inurl:/admin/account.html"
    "inurl:/admin/account.php"
    "inurl:/admin/index.html"
    "inurl:/admin/index.php"
    "inurl:/admin/admin.html"
    "inurl:/admin/admin.php"
    "inurl:/admin/login/login.html"
    "inurl:/admin/login/login.php"
    "inurl:/admin/login/admin.html"
    "inurl:/admin/login/admin.php"
    "inurl:/admin/login/account.html"
    "inurl:/admin/login/account.php"
    "inurl:/admin/cp.html"
    "inurl:/admin/cp.php"
    "inurl:/admin/home.html"
    "inurl:/admin/home.php"
    "inurl:/admin/admin/home.html"
    "inurl:/admin/admin/home.php"
    "inurl:/admin/login/home.html"
    "inurl:/admin/login/home.php"
    "inurl:/admin/login/index.html"
    "inurl:/admin/login/index.php"
    "inurl:/admin/index/home.html"
    "inurl:/admin/index/home.php"
    "inurl:/admin/index/login/index.html"
    "inurl:/admin/index/login/index.php"
    "inurl:/admin/login/home/index.html"
    "inurl:/admin/login/home/index.php"
    "inurl:/admin/index/login/index.html"
    "inurl:/admin/index/login/index.php"
    "inurl:/admin/home/index/index.html"
    "inurl:/admin/home/index/index.php"
    "inurl:/phpmyadmin/index.html"
    "inurl:/phpmyadmin/index.php"
    "inurl:/phpmyadmin/phpmyadmin/index.html"
    "inurl:/phpmyadmin/phpmyadmin/index.php"
    "inurl:/phpmyadmin/phpmyadmin/phpmyadmin/index.html"
    "inurl:/phpmyadmin/phpmyadmin/phpmyadmin/index.php"
)

# Function to scan a URL
scan_url() {
    url="$1"
    echo "Scanning $url"
    response=$(curl -s -o /dev/null -w "%{http_code}" "$url")
    if [ "$response" -eq 200 ]; then
        echo "Found: $url"
    else
        echo "Not Found: $url"
    fi
}

# Loop through dorks and scan URLs
for dork in "${dorks[@]}"; do
    full_url="$target_domain/$dork"
    scan_url "$full_url"
done
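Added example for defenders (not part of the original paste and not the author's code): the loop above appends each list entry verbatim after "$target_domain/" and sets no User-Agent, so every request arrives with a path that begins with a search operator (inurl:, intitle:, intext:) and with curl's default User-Agent. The function below counts such requests per client in an access log. The function names, the threshold, the combined log format with nginx-style \x22 escaping of quotes, and the sample lines are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the paste: find clients whose requests look like the
# loop above, which appends each list entry verbatim after "$target_domain/".

# Constructed sample lines (combined log format, documentation-range IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [25/Dec/2023:10:00:01 +0000] "GET /inurl:/admin HTTP/1.1" 404 153 "-" "curl/8.4.0"
203.0.113.7 - - [25/Dec/2023:10:00:01 +0000] "GET /inurl:/login HTTP/1.1" 404 153 "-" "curl/8.4.0"
203.0.113.7 - - [25/Dec/2023:10:00:02 +0000] "GET /inurl:/wp-admin HTTP/1.1" 404 153 "-" "curl/8.4.0"
203.0.113.7 - - [25/Dec/2023:10:00:02 +0000] "GET /intitle:\x22Login\x22 HTTP/1.1" 404 153 "-" "curl/8.4.0"
198.51.100.20 - - [25/Dec/2023:10:00:03 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.21 - - [25/Dec/2023:10:00:04 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "curl/8.4.0"
EOF
}

# detect_dork_scan MIN: read an access log on stdin and print one line per
# client with at least MIN requests whose path starts with a search operator.
detect_dork_scan() {
    awk -F'"' -v min="$1" '
    {
        split($1, pre, " "); ip = pre[1]      # client address
        split($2, req, " "); path = req[2]    # request target
        split($3, res, " "); status = res[1]  # response code
        if (path ~ /^\/(inurl|intitle|intext):/) {
            hits[ip]++
            if (status != 200) non200[ip]++
            if ($6 ~ /^curl\//) curl_ua[ip]++ # default curl User-Agent
        }
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min)
                printf "%s hits=%d non200=%d curl_ua=%d\n",
                       ip, hits[ip], non200[ip], curl_ua[ip]
    }' | sort
}

sample_log | detect_dork_scan 3
```

The path prefix is the primary signal because the User-Agent is client-controlled; the curl_ua count is reported only as supporting context.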