Vulnerability scan php implementation code

#! /Usr/bin/php-q & lt ;? Php/*** PhpVulnerabilityScannerbyKingOfSka @ http://www.contropoterecrew.org * stillveryearlyrelease, justfortestingandcodingpurpose :) ** Change...

#! /Usr/bin/php-q #! /Usr/bin/php-q

/**
* Php Vulnerability identified by KingOfSka @ http://www.contropoterecrew.org
* Still very early release, just for testing and coding purpose :)
*
* Changelog:
*
* 12/09/06 Version 0.1: First "working" version, shocould work on "almost" site, report any bug to help me :)
* 25/09/06 0.2: Better crawler, less bandwith/resource usage, speed improved, better vuln finding code
*
**/

Print_r (
-------------------------------------------------------------------------------
Php Vulnerability available by KingOfska @ http://contropotere.netsons.org
Kingofska [at] gmail [dot] com
-------------------------------------------------------------------------------
);

If ($ argc <2 ){
Print_r (
Early release, please send bug report to help improving this script
--------------------------------------------------------------------------------
Usage:. $ argv [0]. host [start_path] [port] [debug]
Host: target server (ip/hostname)
Path: path from which to start scanning, if none entered starts from/
Port: port of the http server, default 80

Examples:
. $ Argv [0]. localhost/folder/script. php 81

--------------------------------------------------------------------------------
);
Die;
}
$ Host = $ argv [1]; // Insert the host site I. e.: www.website.com
$ Start_page = $ argv [2]; // Insert the start page for the scan, if empty will start from index .*
$ Port = 80;
$ Additional_vars = array (id, page );
$ Locator = array ("123 ",\;! --" = & {()}, Some_inexisistent_file_to_include.php); // XSS Locator from ha.ckers.org

$ Debug = TRUE;
/** Compatibility for php <5
* Stripos () function made by rchillet at hotmail dot com
*
*/
If (! Function_exists ("stripos ")){
Function stripos ($ str, $ needle, $ offset = 0)
{
Return strpos (strtolower ($ str), strtolower ($ needle), $ offset );
}
}
/**
* Do not edit below unless you know what you do...
*/
$ Reqmade = 0;
$ Time_start = getmicrotime ();
Set_time_limit (0 );
Error_reporting (E_ERROR );
$ Checkedpages [] =;
$ Result [] =;
$ Links [] =;
$ Checkedlinks [] =;
Echo "Starting scan on $ host: Starting page: $ start_page ";
$ Site_links = index_site ();
$ Count = count ($ site_links );
Echo "Starting to scan $ count pages ...";

Foreach ($ site_links as $ cur ){

Echo "Testing: $ cur ";
Test_page ($ cur );

}

$ Time_end = getmicrotime ();
$ Result [time] = substr ($ time_end-$ time_start, 0, 4 );
$ Result [connections] = $ reqmade;
$ Result [scanned] = count ($ checkedpages );

Echo "Report :";

Foreach ($ result [vuln] as $ type => $ url ){
Echo "$ type vulnerability found :";
$ Url = array_unique ($ url );
Foreach ($ url as $ cur ){
Echo "$ cur ";
}
}
$ Server = get_server_info ();
Echo "Additional infos :";
Echo "Site running on:". $ server [software]. "";
Echo "Powered by:". $ server [powered]. "";
Echo "Scan took". $ result [time]. "seconds to scan". $ result [scanned]. "pages using". $ result [connections]. "connections ";

Function index_site (){
Global $ start_page;
Array ($ links );
$ Tmp = get_links ($ start_page, true );
Foreach ($ tmp as $ cur ){
$ Tmp2 = get_links ($ cur, true );
$ Links = array_merge_recursive ($ links, $ tmp2 );
}
$ Links = array_unique (clean_array ($ links ));
$ Links [] = $ start_page;
Sort ($ links );
Return ($ links );
}

/**
* Testes a form using global vuln locator, both GET and POST method, and print result to screen
* @ Author KingOfSka
* @ Param array $ form Form to test
* @ Return void
*/

Function test_form ($ form ){
$ Ret =;
$ Tmp =;
Global $ host, $ port, $ locator, $ debug, $ result;
If ($ form [action] [0]! =/AND stripos ($ form [action], http: //) ==== FALSE) {$ form [action] =/. $ form [action];}
If ($ form [method] = get ){
Foreach ($ form [vars] as $ current ){
Foreach ($ locator as $ testing ){
$ Testing = urlencode ($ testing );
$ Conn = fsockopen ("$ host", $ port, $ errno, $ errstr, 30 );
If (! $ Conn ){
Echo "$ errstr ($ errno)
";
} Else {
If (! Stripos (?, $ Data [action]) {
$ Req = "GET". $ form [action]. "? $ Current = $ testing HTTP/1.0 Host: $ hostConnection: Close ";
} Else {
$ Req = "GET". $ form [action]. "& $ current = $ testing HTTP/1.0 Host: $ hostConnection: Close ";
}
If ($ debug = TRUE) {echo $ req ;}
Fputs ($ conn, $ req );
While (! Feof ($ conn )){
$ Tmp. = fgets ($ conn, 128 );

}
Fclose ($ conn );

Do_test ($ tmp, $ form [action], $ current );

$ Tmp =;
}
}
}

} Else if ($ form [method] = post ){

Foreach ($ form [vars] as $ current ){
Foreach ($ locator as $ testing ){
$ Testing = urlencode ($ testing );
$ Conn = fsockopen ("$ host", $ port, $ errno, $ errstr, 30 );
& Nbs