HackerIT
Welcome To Paradise !
|
Lista Forumurilor Pe Tematici
|
HackerIT | Reguli | Inregistrare | Login
POZE HACKERIT
Nu sunteti logat.
|
Nou pe simpatie:
MicheleC pe Simpatie.ro
 | Femeie
25 ani
cauta Barbat
26 - 68 ani |
|
-esc-
Administrator
 Inregistrat: acum 16 ani
Postari: 126
|
|
Code:
#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer ^_^
#
$subdirstoscan = 20;
$resultfile = "results.html"; #Dont forget to add .htm or .html
if(-e "$resultfile"){
unlink("$resultfile");
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><td><b>WHERE</b></td><td><b>Code</b></td><tr>";
close(DAT);
print "Directory to read? ";
$input = <stdin>;
chop ($input);
$dir = "/*";
$deep = 0;
while($deep != $subdirstoscan){
@files = <$input$dir>;
foreach $file (@files) {
if(-f $file){
print "Checking: " .$file . "n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once $/i) || ($line =~ m/require_once $/i) || ($line =~ m/include_once($/i) || ($line =~ m/require_once($/i) || ($line =~ m/require $/i) || ($line =~ m/require($/i) || ($line =~ m/require $/i) || ($line =~ m/include $/i) || ($line =~ m/include($/i))
{
if(($line =~ /$_GET/) || ($line =~ /$_POST/) || ($line =~ /$_REQUEST/)){ #This could be critical
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><b><font color=red>$line</b></font></td><tr>";
close(DAT);
} elsif($line =~ /^///){ #This is just a comment, but display it anyway Smile
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><font color=grey>$line</font></td><tr>";
close(DAT);
}
else {
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td>$line</td><tr>";
close(DAT);
}
}
}
}
}
$deep++;
$dir .= "/*";
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "</table><br><center>©Ironfist</center></body></html>";
close(DAT);
print "Done! Check $resultfile for the found inclusions!"; |
_______________________________________
|
|
| pus acum 16 ani |
|