Foxy1986

OWASP URL Checker

Dec 17th, 2018
  1. /*
  2. See https://www.owasp.org/index.php/OWASP_URL_Checker for more info
  3. Coded by Craig Fox
  4. */
  5.  
  6.  
  7. #include<windows.h>
  8. #include<iostream>
  9. #include<fstream>
  10. #include<string>
  11. #include<wininet.h>
  12. #include <limits>
  13.  
  14. using namespace std;
  15. #pragma comment (lib, "wininet.lib")
  16.  
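  // Returns true when `url` starts with "http://" or "https://" (scheme
  // compared case-insensitively) and has at least one character after it.
  // Used as an allow-list so that no other scheme is ever handed to WinINet.
  static bool HasHttpScheme(const std::string& url)
  {
      static const char* const kSchemes[] = { "http://", "https://" };

      for (size_t s = 0; s < sizeof(kSchemes) / sizeof(kSchemes[0]); ++s)
      {
          const std::string scheme(kSchemes[s]);
          if (url.size() <= scheme.size())
              continue;

          bool match = true;
          for (size_t i = 0; match && i < scheme.size(); ++i)
          {
              char c = url[i];
              if (c >= 'A' && c <= 'Z')
                  c = static_cast<char>(c - 'A' + 'a');   // ASCII-only fold
              match = (c == scheme[i]);
          }
          if (match)
              return true;
      }
      return false;
  }

  // Requests `url` through WinINet and reports whether the server answered
  // with HTTP 200 (HTTP_STATUS_OK) or HTTP 302 (HTTP_STATUS_REDIRECT).
  //
  // Parameters:
  //   url - absolute http:// or https:// URL. Any other scheme, an empty
  //         string, or a string without a scheme returns false without any
  //         network traffic.
  //
  // Returns:
  //   true  - the request completed and the status code was 200 or 302.
  //   false - scheme rejected, session/request could not be opened, the
  //           status code could not be read, or any other status code.
  //
  // Interpreting the result:
  //   * INTERNET_FLAG_NO_AUTO_REDIRECT is not set, so WinINet follows
  //     redirects itself and the status read here is normally that of the
  //     final response. A path that redirects to a login or error page which
  //     answers 200 is therefore reported as valid.
  //   * Servers that answer 200 with a "not found" body also yield true.
  //   Treat true as "the server answered 200/302", not as proof that the
  //   resource exists.
  bool ValidURL(std::string url)
  {
      // The URL is built from console input and lines of urls.txt; only
      // plain web schemes are allowed to reach InternetOpenUrl.
      if (!HasHttpScheme(url))
          return false;

      bool result = false;

      // The *A entry points are named explicitly because the arguments are
      // narrow strings; the generic macros break in a UNICODE build.
      // INTERNET_OPEN_TYPE_PRECONFIG uses the system proxy configuration.
      HINTERNET hSession = InternetOpenA("ValidURL", INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
      if (hSession != NULL)
      {
          // INTERNET_FLAG_RELOAD forces a fetch from the origin server
          // instead of answering from the local WinINet cache.
          HINTERNET hFile = InternetOpenUrlA(hSession, url.c_str(), NULL, 0, INTERNET_FLAG_RELOAD, 0);
          if (hFile != NULL)
          {
              // HTTP_QUERY_FLAG_NUMBER returns the status as a DWORD.
              DWORD code = 0;
              DWORD codeLen = sizeof(code);

              // Only trust `code` when the query itself succeeded.
              if (HttpQueryInfoA(hFile, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &code, &codeLen, NULL))
                  result = (code == HTTP_STATUS_OK || code == HTTP_STATUS_REDIRECT);

              InternetCloseHandle(hFile);
          }

          InternetCloseHandle(hSession);
      }

      return result;
  }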
  42.  
  43.  
  44.  
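  // Console front end for the URL checker.
  //
  // Flow:
  //   1. Open urls.txt (one path suffix per line). If it cannot be opened,
  //      write a default list to it and exit so the user can restart.
  //   2. Read a base URL from stdin and confirm it answers via ValidURL().
  //   3. Append each non-empty line of urls.txt to the base URL, probe it
  //      with ValidURL(), and print FAILED / SUCCESS! in colour.
  //   4. Optionally save the successful URLs to results.txt.
  //
  // Returns 0 on normal exit (including "invalid base URL" and "database
  // created"), -1 when urls.txt cannot be created or results.txt cannot be
  // written.
  //
  // SUCCESS! means ValidURL() saw HTTP 200 or 302; sites that answer 200 for
  // missing pages or redirect everything to a login page will show up as
  // successes and need manual confirmation.
  int main()
  {
      const HANDLE console = GetStdHandle(STD_OUTPUT_HANDLE);
      const WORD kColourDefault = 7;
      const WORD kColourFail = 12;
      const WORD kColourOk = 10;
      const size_t kMaxUrls = 20000;   // upper bound on entries probed per run

      // Just intro
      SetConsoleTitleA("Vulnerable URL checker 3.0 pentest edition by Foxy");
      SetConsoleTextAttribute(console, kColourDefault);
      std::cout << "----------------------------------------------------------------------------" << std::endl;
      std::cout << "\tVulnerable URL checker v3.0 pentest edition coded by Foxy" << std::endl;
      std::cout << "\t\t\thttps://www.owasp.org/index.php/OWASP_URL_Checker" << std::endl;
      std::cout << "----------------------------------------------------------------------------" << std::endl;

      // urls.txt acts as the database of path suffixes to probe.
      std::cout << "Checking database...";
      std::ifstream reader("urls.txt", std::ios::in);
      if (!reader.good())
      {
          std::cout << "Database not found, writing a new one...";

          // ios::app so an existing but unreadable file is never truncated.
          std::ofstream writer("urls.txt", std::ios::app);
          if (!writer)
          {
              std::cout << "\nError reading database, ensure urls.txt is in\n"
                           "the same directory as this application, if you do\n"
                           "and it still isn't working, try running this program\n"
                           "as Administrator as it could be an access error\n\nclosing..." << std::endl;
              Sleep(20000);
              return -1;
          }

          // Default path suffixes written to a fresh database.
          static const char* const kDefaultUrls[] = {
              "/robots.txt", "/wp-login.php", "/login/", "/login.php", "/admin.asp", "/adm/",
              "/admin/", "/admin.php", "/admin/home.php", "/admin/cp.asp", "/_vti_pvt/",
              "/_vti_pvt/service.pwd", "/_vti_inf.html", "/cgi-bin/",
              "/~root", "/cache/", "/sitemap.xml", "/index.php?catid=", "/index.php?id=", "/login.shtml"
          };
          for (size_t k = 0; k < sizeof(kDefaultUrls) / sizeof(kDefaultUrls[0]); ++k)
              writer << kDefaultUrls[k] << std::endl;
          writer.close();

          // The reader above failed to open, so the user has to restart.
          std::cout << "DONE\nA new database \"urls.txt\" has now been created, please restart this tool" << std::endl;
          std::cout << "I will automatically close in 20 seconds..." << std::endl;
          Sleep(20000);
          return 0;
      }
      std::cout << "DONE!" << std::endl;

      //-------------File handling all sorted---------------//

      std::string original_input_url;
      std::cout << "Enter full URL (ignore last forward slash, for instance http://google.com):\n>";
      std::cin >> original_input_url;

      // Initial check: the base URL itself has to answer.
      std::cout << "Performing check to see if website is valid" << std::endl;
      if (!ValidURL(original_input_url))
      {
          std::cout << "Invalid URL, closing..." << std::endl;
          Sleep(10000);
          return 0;
      }
      std::cout << "That worked, now scanning files/directories..." << std::endl;
      std::cout << "\n##############################################################" << std::endl;

      // Scan files/directories. Lines are processed one at a time: the old
      // 20000-element array lived on the stack and was indexed one past its
      // end before the limit check ran.
      std::string line;
      std::string successes;
      size_t checked = 0;
      while (std::getline(reader, line))
      {
          // Drop a stray carriage return left by mixed line endings.
          if (!line.empty() && line[line.size() - 1] == '\r')
              line.erase(line.size() - 1);

          // Blank lines (including the one after a trailing newline) would
          // only re-probe the base URL and report it as a finding.
          if (line.empty())
              continue;

          const std::string full_url = original_input_url + line;
          ++checked;

          if (ValidURL(full_url))
          {
              SetConsoleTextAttribute(console, kColourOk);
              std::cout << full_url << " SUCCESS!" << std::endl;
              successes += full_url + "\n";   // store results for later saving
          }
          else
          {
              SetConsoleTextAttribute(console, kColourFail);
              std::cout << full_url << " FAILED" << std::endl;
          }

          if (checked >= kMaxUrls)
          {
              std::cout << "Maximum URL's allowed reached, aborting..." << std::endl;
              break;
          }
      }

      SetConsoleTextAttribute(console, kColourDefault);
      std::cout << "\n##############################################################\nFinished, do you want me to save the sucessful results? y/n:" << std::endl;
      std::string answer;
      std::cin >> answer;

      if (answer == "y" || answer == "Y")
      {
          // Overwrites any previous results.txt in the working directory.
          std::ofstream writer2("results.txt");
          if (!writer2)
          {
              std::cout << "Error writing file!" << std::endl;
              return -1;
          }
          writer2 << successes << std::endl;
          writer2.close();
          std::cout << "OK, your results are saved in \"results.txt\"" << std::endl;
      }

      std::cout << "Closing..." << std::endl;

      // Give the user a moment to read the output before the console closes.
      reader.close();
      Sleep(6000);

      return 0;
  }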