#!/usr/bin/php-q #!/usr/bin/php-q
/**
* PHP Vulnerability Scanner by Kingofska @ http://www.contropoterecrew.org
* Still a very early release, just for testing and coding purposes :)
*
* Changelog:
*
* 12/09/06 version 0.1: first "working" version, should work on "almost" any site, report any bug to help me :)
* 25/09/06 version 0.2: better crawling, less bandwidth/resource usage, improved speed, better vulnerability-finding code
*
**/
// Startup banner, followed by an argument check that prints the usage text and exits.
// NOTE(review): the two Print_r( ... ) arguments were presumably quoted strings
// (the usage text concatenates $argv[0] with `.`); the quotes are missing on this
// page, so the block does not parse as printed.
Print_r (
-------------------------------------------------------------------------------
PHP Vulnerability Scanner by Kingofska @ http://contropotere.netsons.org
Kingofska [at] gmail [dot] com
-------------------------------------------------------------------------------
);
// NOTE(review): PHP variable names are case-sensitive and the CLI argument count is
// $argc. As printed, $ARGC is undefined, so this branch would always be taken.
// The usage text advertises [port] and [debug] arguments, but the configuration
// lines that follow read only $argv[1] and $argv[2] and set $debug to a fixed value.
if ($ARGC < 2) {
Print_r (
Early release, please send the bug report to help improving this script
--------------------------------------------------------------------------------
Usage:. $argv [0]. Host [Start_path][port][debug]
Host:target Server (Ip/hostname)
Path:path from which to start scanning, if none entered starts from/
Port:port of the HTTP server, default 80
Examples:
. $argv [0]. localhost/folder/script.php 81
--------------------------------------------------------------------------------
);
// Stop here: nothing is scanned when no host was supplied.
Die;
}
// Scan configuration: target taken from the command line, plus hard-coded probe settings.
// NOTE(review): several lines here lost characters in extraction (split identifiers,
// missing quotes, an empty right-hand side) and are not valid PHP as printed.
$host = $argv [1];//Insert the host site i.e.: www.website.com
$start _page = $argv [2];//Insert the start page for the scan, if empty would start from index.*
// Value lost on this page; the usage text states the default HTTP port is 80.
$port =;
// Two parameter names (id, page); where they are used is outside this excerpt.
$additional _vars = Array (id,page);
// Probe strings: Test_form() URL-encodes each entry and sends it as the value of every
// form variable. The entries are garbled here and the trailing words on the line were
// presumably a comment crediting the XSS locator to ha.ckers.org.
// Defender note: the last entry is a deliberately nonexistent include filename, so
// requests carrying "some_inexisistent_file_to_include.php" as a parameter value in web
// server logs are a simple indicator that this tool was run against the site.
$locator = Array ("123", \;! --" =&{()},some_inexisistent_file_to_include.php); XSS Locator from ha.ckers.org
// When TRUE, Test_form() echoes every raw request before sending it.
$debug = TRUE;
/** Compatibility for PHP < 5
* Stripos () function made by rchillet at hotmail dot com
*
*/
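if (!function_exists ("Stripos")) {
    /**
     * Case-insensitive strpos() fallback for PHP versions that lack stripos().
     *
     * @param string $str    haystack to search in
     * @param string $needle substring to look for
     * @param int    $offset position in $str at which to start searching
     * @return int|false position of the first match, or FALSE when there is none
     */
    function Stripos ($str, $needle, $offset = 0)
    {
        // Fix: the body read $STR, but PHP variable names are case-sensitive, so the
        // haystack was an undefined variable and every search ran on an empty string.
        // Lower-casing both operands gives the case-insensitive comparison.
        return strpos (strtolower ($str), strtolower ($needle), $offset);
    }
}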
/**
* Don't edit below unless you know ...
*/
// Main run: build the page list with Index_site(), hand each page to Test_page(),
// then print a report of the findings and the server banner.
// NOTE(review): this listing was damaged in extraction and does not parse as PHP:
// identifiers are split by stray spaces ($time _start, $site _links), the `[]=;`
// initialisers lost their right-hand side, and `=>` appears as `= +`.
$reqmade = 0;
$time _start = Getmicrotime ();
// Remove PHP's execution time limit so a long scan is not cut short.
Set_time_limit (0);
// NOTE(review): the predefined constant is E_ERROR and constant names are
// case-sensitive; the casing here looks like a page artifact.
Error_reporting (E_error);
$checkedpages []=;
$result [] =;
$links [] =;
$checkedlinks [] =;
echo "Starting scan on $host: Starting page: $start _page";
$site _links = Index_site ();
$count = count ($site _links);
echo "Starting to scan $count pages ...";
// Test_page() is defined outside this excerpt.
foreach ($site _links as $cur) {
echo "Testing: $cur";
Test_page ($cur);
}
$time _end = Getmicrotime ();
// Elapsed time, truncated to its first four characters.
// NOTE(review): the keys written here (TIME, Scanned) differ in case from the keys
// read in the summary line at the end (Time, scanned); array keys are case-sensitive,
// so as printed the summary would show empty values for both.
$result [TIME] = substr ($time _end-$time _start,0,4);
$result [Connections] = $reqmade;
$result [Scanned] = count ($checkedpages);
echo "Report:";
// $result[vuln] is iterated as vulnerability type => list of URLs; duplicates are
// dropped before printing. It is filled outside this excerpt.
foreach ($result [vuln] as $type = + $url) {
echo "$type vulnerability found:";
$url = Array_unique ($url);
foreach ($url as $cur) {
echo "$cur";
}
}
// Get_server_info() is defined outside this excerpt; its software and Powered entries
// are printed below.
$server = Get_server_info ();
echo "Additional infos:";
echo "Site running on:". $server [software]. "";
echo "Powered by:". $server [Powered]. "";
echo "Scan took". $result [Time]. "Seconds to Scan". $result [scanned]. "Pages using". $result [Connections]. "Connections";
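/**
 * Build the sorted list of pages to test.
 *
 * Reads the global $start_page, fetches the links on it with Get_links(), then
 * fetches the links on each of those pages and merges them. Only this second
 * set of links is merged, as in the original. The merged list is passed through
 * Clean_array(), de-duplicated, given the start page, and sorted.
 *
 * @return array sorted list of links, in whatever form Get_links() yields them
 */
function Index_site ()
{
    global $start_page;

    // Fix: the original `Array ($links);` built and discarded a throwaway array,
    // leaving $links undefined when it reached the first merge.
    $links = array ();

    // NOTE(review): Get_links() is defined outside this excerpt; a non-array result
    // is treated as "no links" here. Confirm against its real return value.
    $first_level = Get_links ($start_page, true);
    if (!is_array ($first_level)) {
        $first_level = array ();
    }

    foreach ($first_level as $cur) {
        $second_level = Get_links ($cur, true);
        if (is_array ($second_level)) {
            $links = array_merge_recursive ($links, $second_level);
        }
    }

    $links = array_unique (Clean_array ($links));

    // Fix: the start page was appended after de-duplication, so it could appear
    // (and be tested) twice when another page links back to it.
    if (!in_array ($start_page, $links, true)) {
        $links [] = $start_page;
    }

    sort ($links);
    return $links;
}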
/**
* Tests a form with each string in the global $locator list, using both the GET and POST methods, and prints the result to the screen
* @author Kingofska
* @param array $form form to test
* @return void
*/
function Test_form ($form) {
$ret =;
$tmp =;
Global $host, $port, $locator, $debug, $result;
if ($form [action][0]! =/And Stripos ($form [action],http://) = = = FALSE) {$form [action] =/. $form [action];}
if ($form [method] = Get) {
foreach ($form [VARs] as $current) {
foreach ($locator as $testing) {
$testing = UrlEncode ($testing);
$conn = Fsockopen ("$host", $port, $errno, $errstr, 30);
if (! $conn) {
echo "$errstr ($errno)
";
} else {
if (!stripos (?, $data [action])) {
$req = "GET". $form [action]. "? $current = $testing http/1.0host: $hostConnection: Close ";
}else{
$req = "GET". $form [action]. " & $current = $testing http/1.0host: $hostConnection: Close ";
}
if ($debug = = TRUE) {echo $req;}
Fputs ($conn, $req);
while (!feof ($conn)) {
$tmp. = Fgets ($conn, 128);
}
Fclose ($conn);
Do_test ($tmp, $form [action], $current);
$tmp =;
}
}
}
}else if ($form [method] = post) {
foreach ($form [VARs] as $current) {
foreach ($locator as $testing) {
$testing = UrlEncode ($testing);
$conn = Fsockopen ("$host", $port, $errno, $errstr, 30);
&nbs