- /*
- See https://www.owasp.org/index.php/OWASP_URL_Checker for more info
- Coded by Craig Fox
- */
- #include<windows.h>
- #include<iostream>
- #include<fstream>
- #include<string>
- #include<wininet.h>
- #include <limits>
- using namespace std;
- #pragma comment (lib, "wininet.lib")
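/**
 * Report whether a URL answers with HTTP 200 (OK) or 302 (redirect).
 *
 * Issues one request through WinINet, using the preconfigured (registry)
 * proxy settings and bypassing the local cache (INTERNET_FLAG_RELOAD).
 *
 * @param url Absolute URL to request.
 * @return true when the status code read from the response is
 *         HTTP_STATUS_OK or HTTP_STATUS_REDIRECT; false for an empty URL,
 *         any other status, or any WinINet failure.
 *
 * NOTE(review): the verdict rests on the status code alone. WinINet follows
 * redirects unless INTERNET_FLAG_NO_AUTO_REDIRECT is passed, so the code read
 * here normally belongs to the final response. A server that answers missing
 * paths with a 200 page, or redirects them to a landing page, is therefore
 * reported as a hit. Treat a true result as "worth a manual look", not as
 * proof that the resource exists.
 */
bool ValidURL(std::string url)
{
    if (url.empty())
        return false;

    // The A-suffixed entry points keep the narrow-string arguments valid even
    // when the project is built with UNICODE defined.
    HINTERNET hSession = InternetOpenA("ValidURL", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
    if (hSession == NULL)
        return false;

    bool result = false;
    HINTERNET hFile = InternetOpenUrlA(hSession, url.c_str(), NULL, 0, INTERNET_FLAG_RELOAD, 0);
    if (hFile != NULL)
    {
        // HTTP_QUERY_FLAG_NUMBER returns the status as a DWORD, so read it
        // into one and only trust it when the query itself succeeded.
        DWORD code = 0;
        DWORD codeLen = sizeof(code);
        if (HttpQueryInfoA(hFile, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &code, &codeLen, NULL))
            result = (code == HTTP_STATUS_OK || code == HTTP_STATUS_REDIRECT);
        InternetCloseHandle(hFile);
    }
    InternetCloseHandle(hSession);
    return result;
}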
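/**
 * Console entry point.
 *
 * Flow:
 *   1. Print the banner.
 *   2. Open the word list "urls.txt" from the working directory. If the file
 *      is absent, write the built-in default list and exit so the user can
 *      restart; if it exists but cannot be read, report the error.
 *   3. Read the base URL and confirm it answers via ValidURL().
 *   4. Append each word-list entry to the base URL, probe it with ValidURL(),
 *      and print the outcome (red = FAILED, green = SUCCESS).
 *   5. Optionally save the successful URLs to "results.txt".
 *
 * @return 0 on normal completion, after seeding a new word list, or when the
 *         base URL is rejected; -1 when the word list cannot be read or a
 *         file cannot be written.
 */
int main()
{
    // Console text attributes; the values equal the literals 7, 12 and 10.
    const WORD kColourDefault = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE;
    const WORD kColourFail = FOREGROUND_RED | FOREGROUND_INTENSITY;
    const WORD kColourHit = FOREGROUND_GREEN | FOREGROUND_INTENSITY;
    // Upper bound on the number of word-list entries probed in one run.
    const int kMaxUrls = 20000;
    const HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);

    // Banner. SetConsoleTitleA keeps the narrow literal valid under UNICODE.
    SetConsoleTitleA("Vulnerable URL checker 3.0 pentest edition by Foxy");
    SetConsoleTextAttribute(hConsole, kColourDefault);
    std::cout << "----------------------------------------------------------------------------" << std::endl;
    std::cout << "\tVulnerable URL checker v3.0 pentest edition coded by Foxy" << std::endl;
    std::cout << "\t\t\thttps://www.owasp.org/index.php/OWASP_URL_Checker" << std::endl;
    std::cout << "----------------------------------------------------------------------------" << std::endl;

    // urls.txt is the word list ("database") of path suffixes to probe.
    std::cout << "Checking database...";
    std::ifstream reader("urls.txt", std::ios::in);
    if (!reader)
    {
        // Seed a new list only when the file is really absent. A file that
        // exists but cannot be opened is an access problem, and appending the
        // defaults to it would hide that problem from the user.
        if (GetFileAttributesA("urls.txt") != INVALID_FILE_ATTRIBUTES)
        {
            std::cout << "\nError reading database, ensure urls.txt is in\n"
                         "the same directory as this application, if you do\n"
                         "and it still isn't working, try running this program\n"
                         "as Administrator as it could be an access error\n\nclosing..." << std::endl;
            Sleep(20000);
            return -1;
        }

        std::cout << "Database not found, writing a new one...";
        // ios::app so that an existing file can never be truncated here.
        std::ofstream writer("urls.txt", std::ios::app);
        if (!writer)
        {
            std::cout << "Error writing file!" << std::endl;
            return -1;
        }
        static const char* const kDefaultUrls[] = {
            "/robots.txt", "/wp-login.php", "/login/", "/login.php", "/admin.asp", "/adm/",
            "/admin/", "/admin.php", "/admin/home.php", "/admin/cp.asp", "/_vti_pvt/",
            "/_vti_pvt/service.pwd", "/_vti_inf.html", "/cgi-bin/",
            "/~root", "/cache/", "/sitemap.xml", "/index.php?catid=", "/index.php?id=", "/login.shtml"};
        for (size_t k = 0; k < sizeof(kDefaultUrls) / sizeof(kDefaultUrls[0]); ++k)
            writer << kDefaultUrls[k] << '\n';
        writer.close();

        // The list is only loaded at start-up, so ask for a restart and exit.
        std::cout << "DONE\nA new database \"urls.txt\" has now been created, please restart this tool" << std::endl;
        std::cout << "I will automatically close in 20 seconds..." << std::endl;
        Sleep(20000);
        return 0;
    }
    std::cout << "DONE!" << std::endl;

    std::string original_input_url;
    std::cout << "Enter full URL (ignore last forward slash, for instance http://google.com):\n>";
    std::cin >> original_input_url;
    // Every word-list entry starts with '/', so drop trailing slashes from the
    // base to avoid requesting "host//path".
    while (!original_input_url.empty() && original_input_url[original_input_url.size() - 1] == '/')
        original_input_url.erase(original_input_url.size() - 1);

    // Confirm the base URL answers before probing anything below it.
    std::cout << "Performing check to see if website is valid" << std::endl;
    if (!ValidURL(original_input_url))
    {
        std::cout << "Invalid URL, closing..." << std::endl;
        Sleep(10000);
        return 0;
    }
    std::cout << "That worked, now scanning files/directories..." << std::endl;
    std::cout << "\n##############################################################" << std::endl;

    // Probe each entry. Reading with getline() as the loop condition stops at
    // end of file without processing a phantom empty line, and a single line
    // buffer replaces the fixed 20000-element array, which the old loop
    // indexed one past its end when the limit was reached.
    std::string line, successes;
    int checked = 0;
    while (std::getline(reader, line))
    {
        // A blank entry would re-test the base URL and be logged as a hit.
        if (line.empty())
            continue;
        if (checked >= kMaxUrls)
        {
            std::cout << "Maximum URL's allowed reached, aborting..." << std::endl;
            break;
        }
        ++checked;

        // Entries are appended verbatim; no URL-encoding is applied.
        const std::string full_url = original_input_url + line;
        if (ValidURL(full_url))
        {
            SetConsoleTextAttribute(hConsole, kColourHit);
            std::cout << full_url << " SUCCESS!" << std::endl;
            successes += full_url + "\n"; // kept for the optional results file
        }
        else
        {
            SetConsoleTextAttribute(hConsole, kColourFail);
            std::cout << full_url << " FAILED" << std::endl;
        }
    }
    reader.close();

    SetConsoleTextAttribute(hConsole, kColourDefault);
    std::cout << "\n##############################################################\nFinished, do you want me to save the sucessful results? y/n:" << std::endl;
    std::string answer;
    std::cin >> answer;
    if (answer == "y" || answer == "Y")
    {
        // results.txt is overwritten on every run.
        std::ofstream writer2("results.txt");
        if (!writer2)
        {
            std::cout << "Error writing file!" << std::endl;
            return -1;
        }
        writer2 << successes << std::endl;
        writer2.close();
        std::cout << "OK, your results are saved in \"results.txt\"" << std::endl;
    }

    std::cout << "Closing..." << std::endl;
    // Leave the final output on screen briefly before the console closes.
    Sleep(6000);
    return 0;
}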