
Titolo: AFI Scanner Autore: darkjoker Data: 20.09.09 Numero Linee:   
  1. ###################################################################################
  2. #
  3. # Author: darkjoker
  4. #
  5. # Site: http://darkjokerside.altervista.org
  6. #
  7. # Program: AFI scanner
  8. #
  9. # Usage: perl afi_scanner.pl <hostname> <ftp_username> <ftp_password> <test_file>
  10. #
  11. # <hostname>: Hostname you want to scan.
  12. #
  13. # <ftp_username>: FTP username of specific hostname.
  14. #
  15. # <ftp_password>: FTP password of specific hostname.
  16. #
  17. # <test_file>: File you want to include (syntax: http://site/file).
  18. # To scan for LFI, use a file in the same directory as the
  19. # scanned files.
  20. #
  21. ###################################################################################
  22.  
  23. #!/usr/bin/perl
  24.  
  25. use IO::Socket;
  26. use Net::FTP;
  27.  
  # Abort with the command-line synopsis. die() writes the text to STDERR
  # and ends the script with a non-zero exit status.
  sub usage {
      die sprintf(
          "Usage: perl %s <hostname> <ftp_username> <ftp_password> <test_file>\n",
          $0,
      );
  }
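  # Main script: list the files in the FTP account of <hostname>, fetch each
  # one over HTTP, collect the input/textarea names of every form found, and
  # resubmit each field with <test_file> as its value. A field is reported
  # when the response contains the content of <test_file>.
  #
  # strict/warnings are enabled from here to the end of the file; every
  # variable below is lexical.
  use strict;
  use warnings;

  # Send one raw request to $peer on port 80 and return everything the
  # server sends back until it closes the connection.
  sub _http_exchange {
      my ($peer, $request) = @_;
      my $sock = IO::Socket::INET->new(
          PeerHost => $peer,
          PeerPort => '80',
          Proto    => 'tcp',
      ) or die "$!\n";
      print {$sock} $request;
      my $response = '';
      while (my $line = <$sock>) {
          $response .= $line;
      }
      close($sock);
      return $response;
  }

  # NOTE(review): the FTP password arrives as a command-line argument, so it
  # is visible in the local process list and in shell history, and Net::FTP
  # sends it over an unencrypted control connection.
  my $host      = shift or usage();
  my $ftp_user  = shift or usage();
  my $ftp_pass  = shift or usage();
  my $test_file = shift or usage();

  # Net::FTP reports a failed constructor in $@ and a failed command in
  # ->message; $! is not set reliably for either.
  my $ftp = Net::FTP->new($host)
      or die "Cannot connect to $host: $@\n";
  $ftp->login($ftp_user, $ftp_pass)
      or die "FTP login failed: " . $ftp->message;
  # presumably the FTP login directory is also the web root, since every
  # listed name is requested as "/<name>" below -- confirm for the target.
  my @files = $ftp->ls();
  $ftp->quit();

  # Split the test URL into host and path. The match is checked so that stale
  # capture variables are never used when the argument is malformed.
  my ($test_host, $test_page) = $test_file =~ m{http://(.+?)(/.+)}
      or die "<test_file> must look like http://site/file\n";

  # Reference content: a field is only reported when this text shows up in
  # the response. An empty reference would match every response.
  my $test = _http_exchange($test_host, "GET $test_page\r\n\r\n");
  die "Test file '$test_file' returned no content; nothing to compare against.\n"
      if $test eq '';

  # When the test file lives on the scanned host, only its file name is
  # submitted; otherwise the full URL is. The host is quoted so that the dots
  # in it are not treated as regex wildcards. Computed once: it does not
  # depend on the file or field being tested.
  my $to_include = $test_file;
  if ($test_file =~ /\Q$host\E/) {
      $test_page =~ m{/([^/]+)\z}
          or die "Cannot derive a file name from '$test_page'\n";
      $to_include = $1;
  }
  my $is_local = lc($test_host) eq lc($host);

  for my $file (@files) {
      my (@vars, @methods);

      # $page is rebuilt for every file so that markup from a previous file
      # cannot leak into this one. Newlines are stripped because the
      # patterns below use '.', which does not match "\n".
      my $page = _http_exchange($host, "GET /" . $file . "\r\n\r\n");
      $page =~ tr/\n//d;

      # Walk the forms one at a time: record the method, collect the field
      # names inside the form, then drop the opening <form> tag so the next
      # iteration sees the following form.
      while ($page =~ /<form.+?method.+?('|")(.+?)('|")/) {
          my $method = $2;
          if ($page =~ /<form.+?>(.+?)<\/form>/) {
              my $in = $1;
              while ($in =~ /(input|textarea).+?name.+?('|")(.+?)('|")/) {
                  my $var_name = $3;
                  push @vars,    $var_name;
                  push @methods, $method;
                  # The condition matches the bare word, the removal needs a
                  # full tag; stop if nothing was removed, otherwise the same
                  # text would match forever.
                  last unless $in =~ s/<(input|textarea).+?>//;
              }
          }
          # Same guard for a <form ...> tag that is never closed with '>'.
          last unless $page =~ s/<form.+?>//;
      }

      for my $i (0 .. $#vars) {
          my $name   = $vars[$i];
          my $method = $methods[$i];
          my $request;

          # HTML method values are case-insensitive and usually lowercase;
          # a case-sensitive test would abort the whole run on method="post".
          if ($method =~ /GET/i) {
              $request = "GET /" . $file . "?" . $name . "=" . $to_include . "\r\n\r\n";
          }
          elsif ($method =~ /POST/i) {
              my $var = $name . "=" . $to_include;
              # NOTE(review): request line without an HTTP version and with
              # bare "\n" line ends, kept exactly as the author wrote it.
              $request = "POST /" . $file . "\n"
                       . "Host: $host\n"
                       . "Content-Type: application/x-www-form-urlencoded\n"
                       . "Content-Length: " . length($var) . "\n\n"
                       . $var . "\n\n";
          }
          else {
              die $file . " -> " . $method . ": Unknow method.\n";
          }

          my $res = _http_exchange($host, $request);

          # Literal substring test: the reference content is data, not a
          # pattern, so it must not be interpolated into a regex. A hit is
          # a heuristic ("Probably"), not proof, and needs manual review.
          if (index($res, $test) >= 0) {
              if ($is_local) {
                  print $file . ": Probably LFI on '" . $name . "' variable.\n";
              }
              else {
                  print $file . ": Probably RFI on '" . $name . "' variable.\n";
              }
          }
      }
  }
  print "\nDone\n";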

