(Yet another) HTTP RESPONSE SCANNER

Started by MrRuffl3Z, 07 January 2010, 10:52:44 PM

MrRuffl3Z



<?php //launch it from apache

error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

$host = $_POST['host'];
$port = $_POST['port'];
$path = $_POST['path'];
$dirs = $_POST['dirs'];

$cl = "<br>";

echo "+-----------------------------------------------------------------+".$cl;
echo "|               (Yet another) HTTP RESPONSE SCANNER               ".$cl;
echo "|              by MrRuffl3Z @ http://warmachines.net              ".$cl;
echo "+-----------------------------------------------------------------+".$cl;

echo '<br><form name="form" method="post" action="">
Host: <input type="text" name="host" /> Port: <input name="port" type="text" value="80" size="6" /> Path: <input name="path" type="text" value="/" /><br><br>Dirs: (one per line)<br><br> <textarea name="dirs" cols="45" rows="5">admin/</textarea><br><br><input type="submit" name="button" id="button" value="Submit" /></form>
';

$dirlist = explode("\n", $dirs); // one dir per line

if (empty($host))
    exit;

// our common packet: the request headers shared by every probe
$packet  = "Host: ".$host."\r\n";
$packet .= "Connection: Close\r\n";
$packet .= "Accept-Encoding: text/html\r\n\r\n";

echo $cl."Starting response scan at ".$host.$cl;
$ip = gethostbyname($host);

foreach ($dirlist as $currdir)
{
    $sock = fsockopen($ip, $port);
    while (!$sock)
    {
        echo $cl."Failed to connect to host. Trying again. =(".$cl;
        $sock = fsockopen($ip, $port);
    }

    $spacket = "GET ".$path."/".$currdir." HTTP/1.1\r\n".$packet;

    fputs($sock, $spacket);

    $html = '';
    while (!feof($sock))
    {
        if (stristr($html, "\n")) { break; } // we only need the first line (the status line)
        $html .= fgets($sock, 64);
    }

    $output = explode("\n", $html);

    if (stristr($html, "400")) {
        echo $cl."DIR: ".$currdir." ERROR: MALFORMED PACKET";
        $html = '404';
    } elseif (!stristr($html, "404")) { // do not show 404 responses
        echo $cl."DIR: ".$currdir." RESULT: ".$output[0];
    }

    fclose($sock);
}

/* I really had nothing better to do */

?>


admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
adm/
admin/
siteadmin/
administration/
adminpanel/
surveys/admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/
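The defender's view of the scanner above, added here as an example and not part of the original post or the author's code: a script like this leaves a very recognisable footprint in the target's access log, a single client requesting dozens of admin-style paths within seconds, almost all of them answered with 404. The parser below reads Apache/nginx combined-format access log lines, groups requests by client IP and reports any client that, within a sliding time window, issued a burst of admin-style requests that mostly returned 404. The log lines are constructed sample data; the path hints, window and thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format, e.g.
# 203.0.113.7 - - [07/Jan/2010:22:52:44 -0200] "GET //admin/ HTTP/1.1" 404 209 "-" "-"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3}) \S+'
)

# Path fragments typical of admin-panel probing (assumption: tune per site).
ADMIN_HINTS = ("admin", "login", "cpanel", "controlpanel", "phpmyadmin", "wp-admin", "moderator")

# Constructed sample log: one client walking an admin wordlist, one ordinary visitor,
# and one unparseable line to show that garbage is skipped rather than crashing.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jan/2010:22:52:44 -0200] "GET //admin/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [07/Jan/2010:22:52:44 -0200] "GET //admin1.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [07/Jan/2010:22:52:45 -0200] "GET //administrator/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [07/Jan/2010:22:52:45 -0200] "GET //cpanel/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [07/Jan/2010:22:52:46 -0200] "GET //login.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [07/Jan/2010:22:52:46 -0200] "GET //wp-admin/ HTTP/1.1" 200 1532 "-" "-"',
    '198.51.100.2 - - [07/Jan/2010:22:50:01 -0200] "GET /index.html HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [07/Jan/2010:22:50:30 -0200] "GET /wp-admin/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Return {ip, time, path, status} for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "time": ts, "path": m.group("path"), "status": int(m.group("status"))}


def looks_like_admin_probe(path):
    """True if the request path contains one of the admin-panel hints."""
    p = path.lower()
    return any(h in p for h in ADMIN_HINTS)


def find_admin_scanners(lines, window=timedelta(seconds=60), min_hits=5, min_404_ratio=0.6):
    """Group admin-style requests by client IP and report every IP that, inside any
    `window`-long span, sent at least `min_hits` such requests of which at least
    `min_404_ratio` were answered 404. Returns {ip: {"probes", "not_found", "paths"}}
    with the largest qualifying span per IP."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and looks_like_admin_probe(rec["path"]):
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        start = 0
        for end in range(len(recs)):
            # slide the window start forward until the span fits in `window`
            while recs[end]["time"] - recs[start]["time"] > window:
                start += 1
            chunk = recs[start:end + 1]
            not_found = sum(1 for r in chunk if r["status"] == 404)
            if len(chunk) >= min_hits and not_found / len(chunk) >= min_404_ratio:
                prev = findings.get(ip)
                if prev is None or len(chunk) > prev["probes"]:
                    findings[ip] = {
                        "probes": len(chunk),
                        "not_found": not_found,
                        "paths": [r["path"] for r in chunk],
                    }
    return findings


if __name__ == "__main__":
    for ip, info in find_admin_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {info['probes']} admin-style probes, {info['not_found']} answered 404")
        for p in info["paths"]:
            print("   ", p)
```

On the sample data the scanning client is reported with six probes, five of them 404, while the visitor who opened /wp-admin/ once is not. The 404 ratio is what separates a scan from a legitimate administrator, and the doubled slash that this particular script produces (path "/" plus "/" plus the dir) is a further hint worth alerting on; a practical deployment would feed the same function from the live log tail and rate-limit or block the offending source.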

Binsh#

"/* I really had nothing better to do */"

"An idle mind is the devil's workshop."

cool... nice contribution

keenlanas

Look, regardless of whether you had something to do or not... you made something really cool :D

I got a strong urge to "convert" the code to C, because I don't have anything better to do either XD

Nah, I'll do something original, or at least try XD

MrRuffl3Z

In C with multiple threads it would be very fast...
The advantage of it being in PHP is that we can run it on any server with very little access.

I left a version of the scanner online at:
http://www.unicofeliz.com.br/yahttp.php

I hope someone finds it useful... ;)