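# Perl Vulnerable Finder
# Powered by windows98SE
# Update 02/09/2553 12:46
#
# HOW TO USE
#  - Copy and save this script to "anyname.pl"
#  - Change "$PATH" to your AppServ path
#  - Change "$URL" to the URL that serves $PATH
#  - Download Free Script (Web App, CMS, bla bla)
#      Ex. http://www.exploit-db.com/exploits/10277/
#  - Extract it to $PATH
#  - Run this code
#      (on Linux, create result_exploit_scan.html first and make it writable
#       by the user running the scan; the original instructions use
#       chmod 0777, but a mode limited to that user is sufficient)
#  - See possible vulnerabilities in result_exploit_scan.html
#
# Enjoy
#
# NOTES FOR THE OPERATOR
#  - The matches are line-based pattern heuristics (request variables, file
#    inclusion / file-open calls fed by a variable, SQL keywords next to a
#    variable).  Every hit is a lead for manual review, not a confirmed
#    vulnerability, and a clean report does not prove the code is safe.
#  - The code under review is third-party and is extracted into a directory
#    the web server executes from, and the report is written into that same
#    directory.  Keep the server bound to localhost (as $URL is here) and
#    remove the extracted application when the review is finished.
#  - File names come from the extracted archive, so they are HTML-escaped
#    before being written into the report, just like the source lines.

use strict;
use warnings;

use HTML::Entities;

my $PATH   = 'D:/AppServ/www/exploit_scan';
my $URL    = 'http://localhost/exploit_scan';
my @FILES;
my @TYPES  = qw(php php5 php3 cgi);
my $RESULT = $PATH . '/result_exploit_scan.html';

# File-name filter built once from @TYPES: a literal dot, one of the
# extensions, end of name.  The dot keeps names such as "notphp" out.
my $TYPE_RE = do {
    my $alternatives = join '|', map { quotemeta } @TYPES;
    qr/\.(?:$alternatives)\z/i;
};

# Handle of the HTML report; opened by _start(), closed by _end().
my $OUT;

_start();
_folder($PATH);
for my $file (@FILES) {
    _read($file);
}
_end();

###############################################

# Recursively collect every file under the given directory whose name ends
# in one of the @TYPES extensions, appending the full paths to @FILES.
sub _folder {
    my $dir = _path($_[0]);
    my @subdirs;

    # An unreadable directory is reported and skipped so that the rest of
    # the tree is still scanned.
    opendir(my $dh, $dir) or do {
        warn "[+] Can't open directory $dir : $!\n";
        return;
    };

    while (defined(my $entry = readdir $dh)) {
        next if $entry =~ /\A\.\.?\z/;

        my $full = "$dir/$entry";

        # Do not follow symbolic links: a link inside an extracted archive
        # can point outside the scan root or back at a parent directory.
        next if -l $full;

        # Test with -d instead of chdir(), which changed the process's
        # working directory as a side effect of every successful probe.
        if (-d $full) {
            push @subdirs, $full;
        }
        elsif (-f $full && $entry =~ $TYPE_RE) {
            push @FILES, $full;
        }
    }
    closedir $dh;

    for my $subdir (@subdirs) {
        _folder($subdir);
    }
    return;
}

# Scan one source file line by line and, if anything matched, write a file
# header row followed by one row per finding to the report.
sub _read {
    my $file     = _path($_[0]);
    my $found    = 0;
    my $rows     = '';
    my $num_line = 0;
    my $comment  = 0;

    open my $fh, '<', $file or die "[+] Can't open $file : $!";

    # A named loop variable is used on purpose: reading into $_ here would
    # overwrite the caller's loop variable, which aliases @FILES.
    while (my $raw = <$fh>) {
        $num_line++;

        # Normalise the line: no line ends, trimmed, single spaces.
        my $line = $raw;
        $line =~ s/\r|\n//g;
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        $line =~ s/\s+/ /g;

        # Crude block-comment tracking: a line starting with "/*" opens a
        # comment, any line containing "*/" closes it.
        $comment = 1 if $line =~ m{^/\*};
        $comment = 0 if $line =~ m{\*/};
        next if $comment;
        next if $line =~ m{^//};
        next if $line =~ /^function/i;

        my $src_cell = "<p class='src'>" . _html($line) . "</p>";

        # None of the tests below use /g.  In scalar context /g resumes at
        # pos($line) left by the previous successful match, so a request
        # variable earlier in the line could hide an include() or a SQL
        # keyword that appears before it.

        # Request superglobal indexed by a literal key, e.g. $_GET['id'].
        if ($line =~ /(\$_(?:get|post|cookie|request|files)\[['"][a-z0-9\-_]+['"]\])/i) {
            my $hit = _html($1);
            $rows .= _write($num_line, "<div class='method'>$hit</div>", $src_cell);
            $found = 1;
        }

        # File inclusion / file-open call on a line that also holds a variable.
        if ($line =~ /((?:include|require|readfile|file|file_get_contents|fopen|popen)(?:_once)?)(?:[\s|(]|"|\$)/i
            && $line =~ /\$/)
        {
            my $hit = _html($1);
            $rows .= _write($num_line, "<div class='rfi'>$hit</div>", $src_cell);
            $found = 1;
        }

        # SQL keyword on a line that also holds a variable and an "=".
        if (   $line =~ /(?:select|order|where) /i
            && $line =~ /\$/
            && $line =~ /=/)
        {
            $rows .= _write($num_line, "<div class='sql'>SQL</div>", $src_cell);
            $found = 1;
        }
    }
    close $fh;

    return unless $found;

    # Path relative to the scan root.  The root is quoted (\Q..\E) and
    # anchored so that metacharacters in $PATH are taken literally and only
    # the leading occurrence is removed.
    my $root = _path($PATH);
    (my $relative = $file) =~ s/\A\Q$root\E//i;

    # The name comes from the scanned archive; escape it for both the href
    # attribute and the link text.
    my $href  = _html($URL . $relative);
    my $label = _html($relative);

    print {$OUT} "<tr><th colspan=\"3\" class=\"file\" align=\"left\">"
        . "<a href=\"$href\" target=\"_blank\">$label</a> ($num_line line)</th></tr>";
    print {$OUT} $rows;
    return;
}

# Create (or truncate) the report and write the page head, the style sheet
# and the table header row.
sub _start {
    open $OUT, '>', $RESULT or die "Can't open $RESULT $!";

    my $path_html = _html($PATH);

    print {$OUT} <<"END_HTML";
<html><head>
<style type="text/css">
table{border:1px solid #e5eecc;}
td{border:1px dashed #e5eecc;}
th{border:1px dotted red;background-color:#e5eecc;}
tr{border:1px solid red;}
.sql{color:#ff0000;}
.rfi{color:#0000ff;}
.method{color:#666666;}
.src{color:#000000;}
.file{color:#999999;}
.cradit{color:#ff0000;background-color:#e5eecc;}
</style>
</head>
<body><table width="95%">
<tr>
<th width="5%">Line</th>
<th width="10%">Variable</th>
<th width="85%">Source<br />( Path = $path_html )</th>
</tr>
END_HTML
    return;
}

# Build one finding row.  Arguments: line number, HTML for the "Variable"
# cell, HTML for the "Source" cell.  Both HTML arguments must already be
# escaped by the caller.
sub _write {
    my ($line, $var, $src) = @_;

    return "<tr>\n"
        . "<td width=\"5%\" align=\"center\">$line</td>\n"
        . "<td width=\"10%\" align=\"left\">$var</td>\n"
        . "<td width=\"85%\" align=\"left\">$src</td>\n"
        . "</tr>\n";
}

# Write the footer row (number of files scanned, credit link), close the
# table and the document, and close the report file.
sub _end {
    my $total = scalar @FILES;

    print {$OUT} "<tr>\n"
        . "<th colspan=\"2\" width=\"10%\" align=\"left\">Total : $total File.</th>\n"
        . "<th align=\"right\" class=\"cradit\">powered by "
        . "<a title=\"admin\@stephack.com\" target=\"_blank\" "
        . "href=\"http://www.stephack.com\">windows98SE</a></th>\n"
        . "</tr>\n"
        . "</table></body></html>";

    # Buffered write errors only surface at close, so check it.
    close $OUT or die "Can't close $RESULT $!";
    return;
}

# Normalise a path: backslashes become forward slashes, surrounding
# whitespace is trimmed and one trailing slash is removed.
sub _path {
    my $var = $_[0];

    $var =~ s{\\}{/}g;
    $var =~ s/^\s+//;
    $var =~ s/\s+$//;
    $var =~ s{/$}{};
    return $var;
}

# HTML-escape a string for use in the report.
sub _html {
    return encode_entities($_[0]);
}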














