Multiple CMS Scanner

1. <!--
2. ########################################################################
3. # Script : 1337 Multiple CMS Scaner Online v0.4 ( Modified Edition Wink
4. # Author : AlternatorIWnet@Shahril
5. # Original Author : KedAns-Dz ( ked-h [ at ] hotmail [ dot ] com Wink
6. # Author HomePage : www.1337day.com
7. # What Change ?! :-
8. # - Better Reverse IP method
9. # - Replace File_Get_Contents with cURL
10. # - Change Style Wink
11. # - Change PacketStormSecurity to Exploit-DB Big Grin
12. # - Remove Some Un-Expected Result (maybe have some more)
13. # Greets to : Dz Offenders Cr3W - Algerian Cyber Army - Inj3ct0r Team - TBD Security
14. #########################################################################
15.  
16. // Script Functions , start ..!
17. -->
18. <html>
19. <head>
20. <meta http-equiv="Content-Language" content="fr">
21. <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
22. <title>1337 Multiple CMS Scaner Online v0.4 (0!IIIV) by KedAns-Dz ( Modified by AlternatorIWnet )</title>
23. <meta content="KedAns-Dz , Inj3ct0r Team , 1337 Multiple CMS Scaner Online, AltenatorIWnet" name="description">
24. <link href="http://209.217.227.77/~forumant/favicon.ico" type="image/x-icon" rel="shortcut icon" />
25. <style>
26. @import url(http://fonts.googleapis.com/css?family=Fredoka+One);@import url(http://fonts.googleapis.com/css?family=A...ff; }
27. </style>
28.  
29. </head>
30.  
31. <body>
32.  
33. <p align="center">&nbsp;</p>
34. <p align="center">&nbsp;</p>
35. <p align="center">&nbsp;</p>
36. <p align="center"><font size="4">1337 Multiple CMS Scaner Online v0.4 (0!IIIV) | T0olKit By : KedAns-Dz </font></p><br><p align="center"><font size="4">( Modified by AltenatorIWnet )</font></p><br>
37. <form method="POST">
38. <p align="center"><input type="text" name="site" size="65" value=""><input type="submit" value="Scan.."></p>
39. </form><center>
40. <?php
41. @set_time_limit(0);
42. @error_reporting(0);
43.  
44. /* Use Curl to replace file_get_contents */
45. function getdata($url){
46. $ch = curl_init($url);
47. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
48. $data = curl_exec ($ch);
49. curl_close ($ch);
50. return $data;
51. }
52.  
53. /* Check Exploit At Exploit-DB */
54. function check_exploit($cpmxx){
55. $link = "http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=&filter_exploit_text=".$cpmxx."&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";
56. $result = @getdata("$link");
57. if (strpos($result, "No results") != FALSE)
58. {
59. echo"<td>Not Found</td><td><a href='http://www.google.com/#hl=en&q=download+$cpmxx'>Download</a></td></tr>";
60. }else{
61. echo"<td><a href='$link'>Found</a></td><td><=</td></tr>";
62. }
63. }
64.  
65.  
66. /* Joomla Conf */
67. function check_com($url){
68. $source = @getdata("http://$url/");
69. preg_match_all('{option,(.*?)/}i',$source,$f);
70. preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
71. preg_match_all('{/components/(.*?)/}i',$source,$f3);
72. $arz=array_merge($f2[1],$f[1],$f3[1]);
73. $coms=array();
74. if(count($arz)==0){ echo "<tr><td colspan=3>[ Joomla ] ...Nothing Found !</td></tr>";}
75. foreach(array_unique($arz) as $x){
76. $coms[]=$x;
77. }
78. foreach($coms as $comm){
79. if(strlen($comm) < 40) {
80. echo "<tr><td>$comm</td>";
81. check_exploit($comm);
82. }
83. }
84. }
85.  
86. /* WordPress Conf */
87. function get_plugins($url){
88. $source = @getdata("http://$url/");
89. preg_match_all("#/plugins/(.*?)/#i", $source, $f);
90. $arz=array_unique($f[1]);
91. if(count($arz)==0){
92. echo "<tr><td colspan=3>[ Wordpress ] ...Nothing Found !</td></tr>";
93. }
94. foreach($arz as $plugin){
95. if(strlen($plugin) < 40) {
96. echo "<tr><td>$plugin</td>";
97. check_exploit($plugin);
98. }
99. }
100. }
101.  
102. /* Nuke's Conf */
103. function get_numod($url){
104. $source = @getdata("http://$url/");
105. preg_match_all('{?name=(.*?)/}i',$source,$f);
106. preg_match_all('{?name=(.*?)(&amp;|&|l_op=")}i',$source,$f2);
107. preg_match_all('{/modules/(.*?)/}i',$source,$f3);
108. $arz=array_merge($f2[1],$f[1],$f3[1]);
109. $cpm=array();
110. if(count($arz)==0){
111. echo "<tr><td colspan=3>[ Nuke's ] ...Nothing Found !</td></tr>";
112. }
113. foreach(array_unique($arz) as $x){
114. $cpm[]=$x;
115. }
116. foreach($cpm as $nmod){
117. if(strlen($nmod) < 40) {
118. echo "<tr><td>$nmod</td>";
119. check_exploit($nmod);
120. }
121. }
122. }
123.  
124. /* Xoops Conf */
125. function get_xoomod($url){
126. $source = @getdata("http://$url/");
127. preg_match_all('{/modules/(.*?)/}i',$source,$f);
128. $arz=array_merge($f[1]);
129. $cpm=array();
130. if(count($arz)==0){
131. echo "<tr><td colspan=3>[ Xoops ] ...Nothing Found !</td></tr>";
132. }
133. foreach(array_unique($arz) as $x){
134. $cpm[]=$x;
135. }
136. foreach($cpm as $xmod){
137. if(strlen($xmod) < 40) {
138. echo "<tr><td>$xmod</td>";
139. check_exploit($xmod);
140. }
141. }
142. }
143.  
144. /**************************************************************/
145.  
146. if(!isset($_POST['site'])) { $credit = credit();die("<br><br>$credit"); }
147.  
148. function findit($mytext,$starttag,$endtag) {
149. $posLeft = @stripos($mytext,$starttag)+strlen($starttag);
150. $posRight = @stripos($mytext,$endtag,$posLeft+1);
151. return @substr($mytext,$posLeft,$posRight-$posLeft);
152. flush();
153. }
154.  
155. function CleanAndClear($site) {
156. $output = strtolower($site);
157. $aaa = array("http://" ,"/" ,"www.");
158. foreach($aaa as $aa1) {
159. if (strpos($output, "$aa1") != FALSE) {
160. $output = (str_replace("$aa1", "", $output));
161. }
162. }
163. return $output;
164. }
165.  
166. function reverse_ip($site){
167. $getip = @file_get_contents("http://networktools.nl/reverseip/$site");
168. $ipss = @findit($getip,'<pre>','</pre>');
169. return $ipss;
170. flush();
171. }
172.  
173. function clean_array($site){
174. $ipp = "<b>".gethostbyname(CleanAndClear($site))."</b>";
175. $reverse = reverse_ip(CleanAndClear($site));
176. $clean_string = CleanAndClear(str_replace("\n", " ", str_replace("Domains on $ipp: ", "", $reverse)));
177. $clean_array = array_filter(explode(" ", trim(str_replace(" ","",$clean_string))));
178. return $clean_array;
179. }
180.  
181. $start_array = clean_array($_POST['site']);
182.  
183. echo'<table border="1" width=\"80%\" align=\"center\">
184. <tr><td width=\"30%\"><b>Server IP&nbsp;&nbsp;&nbsp;&nbsp; : </b></td><td><b>'.gethostbyname(CleanAndClear($_POST['site'])).'</b></td></tr>
185. <tr><td width=\"30%\"><b>Sites Found&nbsp; : </b></td><td><b>'.count($start_array).'</b></td></tr>
186. </table>';
187.  
188. echo "<br><br>";
189. echo'<table border="1" width="80%" align=\"center\">';
190.  
191. foreach($start_array as $h3h3){
192. echo'<tr id=new><td><b><a href=http://'.$h3h3.'/>'.$h3h3.'</a></b></td><td><b>Exploit-DB</b></td><td><b>Challenge of Exploiting ..!</b></td></tr>';
193. check_com($h3h3);
194. get_plugins($h3h3);
195. get_numod($h3h3);
196. get_xoomod($h3h3);
197. }
198.  
199. echo"</table>";
200.  
201. function credit(){
202. echo "</center>
203. <br><p align=\"center\">
204. Coded By : <a href='http://facebook.com/KedAns'>KedAns-Dz</a> | Modified by <b>AltenatorIWnet</b> | <a href='http://1337day.com/'>Inj3ct0r 1337day Exploit Database</a><br>
205. Made in Algeria | CopyCenter (^.^) 2o12
206. </p>
207. </body>
208. </html>";
209. }
210. ?>