
Perl Vulnerable Finder

# Perl Vulnerable Finder
# Powered by windows98SE
# Update 02/09/2553 12:46
#
# HOW TO USE
# - Copy and save this script as "anyname.pl"
# - Change "$PATH" to your AppServ path
# - Change "$URL" to your URL
# - Download a free script (web app, CMS, etc.)
#    Ex. http://www.exploit-db.com/exploits/10277/
# - Extract it to $PATH
# - Run this code
# (on Linux, first create result_exploit_scan.html and chmod it 0777)
# - See the possible vulnerabilities in result_exploit_scan.html
#
# Enjoy
 
use HTML::Entities;
 
 
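# Root of the source tree to audit, and the URL under which the local web
# server serves that same tree (used only to build links in the report).
my $PATH = 'D:/AppServ/www/exploit_scan';
my $URL = 'http://localhost/exploit_scan';

# @FILES is filled by _folder() with every file whose extension is in @TYPES.
my @FILES;
my @TYPES = qw(php php5 php3 cgi);

# NOTE(review): the report is created inside $PATH, i.e. inside the directory
# the web server publishes under $URL. It lists the lines this script flags,
# so anyone who can reach that server can read it. Keep the server bound to
# localhost or move the report out of the document root. The file only has to
# be writable by the account that runs this script.
my $RESULT = $PATH.'/result_exploit_scan.html';


# Pipeline: open the report, collect candidate files, scan each one, close
# the report. Subs are called with explicit parentheses; the old "&name;"
# form silently forwards the caller's @_.
_start();
_folder($PATH);

# A named lexical is used instead of the implicit $_: in a bare foreach, $_
# is an alias to the @FILES element, and any callee that reads a file with
# "while (<FH>)" overwrites it, wiping the list entry it was handed.
for my $file (@FILES) {
  _read($file);
}
_end();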
 
 
###############################################
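sub _folder {
  # Recursively collect the files below a directory whose names end in one of
  # the extensions listed in @TYPES, appending each full path to @FILES.
  #
  # $_[0] - directory to walk; it is normalised with _path() first.
  #
  # A directory that cannot be opened is reported on STDERR and skipped, so
  # one unreadable folder does not silently hide part of the tree.
  my $dir = _path($_[0]);
  my @subdirs;

  my $dh;
  unless (opendir($dh, $dir)) {
    warn "[+] Can't open directory $dir : $!\n";
    return;
  }

  ENTRY:
  while (defined(my $entry = readdir($dh))) {
    next ENTRY if $entry =~ /^\.\.?$/;
    my $full = $dir.'/'.$entry;

    if (-d $full) {
      # -d replaces the former chdir() probe, which changed the process's
      # working directory as a side effect and broke relative paths.
      # Symlinked directories are not followed: a link pointing back up the
      # tree would recurse forever, and a link pointing elsewhere would pull
      # files from outside the audited tree into the report.
      push(@subdirs, $full) unless -l $full;
      next ENTRY;
    }
    next ENTRY unless -f $full;

    # Require a real ".ext" suffix; the extension is quoted so it is matched
    # literally. Stop at the first hit so a file is listed only once.
    for my $ext (@TYPES) {
      if ($entry =~ /\.\Q$ext\E$/i) {
        push(@FILES, $full);
        last;
      }
    }
  }
  closedir($dh);

  # Recurse only after the handle is closed, so open directory handles do
  # not pile up with the depth of the tree.
  for my $subdir (@subdirs) {
    _folder($subdir);
  }
}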
 
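sub _read {
  # Scan one source file line by line and append its findings to the report
  # open on OUTFILE.
  #
  # $_[0] - path of the file to scan (normalised with _path()).
  #
  # Each line is whitespace-normalised, then skipped if it lies inside a
  # block comment opened by a line starting with "/*", starts with "//", or
  # starts with "function". The remaining lines get three independent
  # heuristic checks:
  #   method - a literal $_GET/$_POST/$_COOKIE/$_REQUEST/$_FILES['key'] access
  #   rfi    - an include/require/file-open style call on a line that also
  #            contains a "$"
  #   sql    - "select ", "order " or "where " on a line that also contains
  #            both "$" and "="
  # These are pattern matches, not data-flow analysis: every reported line
  # still needs manual review, and an unreported line is not proven safe.
  #
  # Dies if the file cannot be opened.
  my $file = _path($_[0]);
  my $found = 0;
  my $rows = '';
  my $num_line = 0;
  my $in_comment = 0;

  # Lexical handle and a named line variable: the old "while (<FILE>)" wrote
  # into the global $_, which the caller's foreach aliases to @FILES entries.
  open(my $fh, '<', $file) or die "[+] Can't open $file : $!";
  while (defined(my $raw = <$fh>)) {
    $num_line++;
    my $line = $raw;
    $line =~ s/\r|\n//g;
    $line =~ s/^\s+//;
    $line =~ s/\s+$//;
    $line =~ s/\s+/ /g;

    $in_comment = 1 if $line =~ m{^/\*};
    $in_comment = 0 if $line =~ m{\*/};

    next if $in_comment;
    next if $line =~ m{^//};
    next if $line =~ /^function/i;

    # None of the matches below uses /g. In scalar context /g resumes at
    # pos($line), left behind by the previous successful match, so the checks
    # interfered with each other: include($_GET['page']) was never reported
    # as rfi, and "... WHERE id=$id" was never reported as sql because the
    # "=" sits before the "$".
    my $has_var = ($line =~ /\$/) ? 1 : 0;
    my $src = "<p class='src'>"._html($line)."</p>";

    if ($line =~ /(\$\_(get|post|cookie|request|files)\[(\'|\")([a-z0-9\-\_]+)(\'|\")\])/i) {
      # The capture is limited by the pattern to $_NAME['key'] characters,
      # so it cannot carry markup into the report.
      my $hit = $1;
      $rows .= _write($num_line, "<div class='method'>$hit</div>", $src);
      $found = 1;
    }
    if ($has_var && $line =~ /((include|require|readfile|file|file\_get\_contents|fopen|popen)(\_once)?)([\s|\(]|\"|\$)/i) {
      my $hit = $1;
      $rows .= _write($num_line, "<div class='rfi'>$hit</div>", $src);
      $found = 1;
    }
    if ($has_var && $line =~ /\=/ && $line =~ /(select|order|where) /i) {
      $rows .= _write($num_line, "<div class='sql'>SQL</div>", $src);
      $found = 1;
    }
  }
  close($fh);

  if ($found) {
    # Strip the scan root as a literal prefix only. Interpolating it as a
    # raw pattern with /g misfired on paths containing regex metacharacters
    # and removed every occurrence, not just the leading one.
    my $root = _path($PATH);
    (my $rel = $file) =~ s/\A\Q$root\E//i;

    # File names come from the audited (downloaded) tree, so they are
    # escaped before being placed in the href and the link text; otherwise a
    # crafted name could inject markup into the report.
    my $rel_html = _html($rel);
    print OUTFILE "<tr><th colspan=\"3\" class=\"file\" align=\"left\"><a href=\"$URL$rel_html\" target=\"_blank\">$rel_html</a> ($num_line line)</th></tr>";
    print OUTFILE $rows;
  }
}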
 
sub _start {
  # Create (or truncate) the report file named by $RESULT on the OUTFILE
  # handle and emit the HTML preamble: the stylesheet, the opening <table>
  # and the column header row. $PATH is interpolated into the header as-is.
  # Dies when the report file cannot be opened for writing.
  open(OUTFILE, '>', $RESULT) or die "Can't open $RESULT $!";
  print OUTFILE <<"REPORT_HEAD";
<html><head>
<style type="text/css">
table{border:1px solid #e5eecc;}
td{border:1px dashed #e5eecc;}
th{border:1px dotted red;background-color:#e5eecc;}
tr{border:1px solid red;}
.sql{color:#ff0000;}
.rfi{color:#0000ff;}
.method{color:#666666;}
.src{color:#000000;}
.file{color:#999999;}
.cradit{color:#ff0000;background-color:#e5eecc;}
</style>
</head>
<body><table width="95%">
<tr>
	<th width="5%">Line</th>
	<th width="10%">Variable</th>
	<th width="85%">Source<br />( Path = $PATH )</th>
</tr>
REPORT_HEAD
}
 
sub _write {
  # Build one three-column report row and return it as a string.
  #
  # Arguments, in order: the line number, the markup for the "Variable"
  # column, and the markup for the "Source" column. All three are inserted
  # verbatim, so the caller must pass text that is already safe as HTML.
  my ($line_no, $label, $source) = @_;
  my @cells = (
    qq{\t<td width="5%" align="center">$line_no</td>},
    qq{\t<td width="10%" align="left">$label</td>},
    qq{\t<td width="85%" align="left">$source</td>},
  );
  # The trailing empty element yields the newline after </tr>.
  return join("\n", '<tr>', @cells, '</tr>', '');
}
 
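sub _end {
  # Emit the closing summary row (the number of files collected in @FILES),
  # terminate the HTML document and close the OUTFILE report handle.
  my $total = scalar(@FILES);
  print OUTFILE "<tr>\n"
    . "  <th colspan=\"2\" width=\"10%\" align=\"left\">Total : ".$total." File.</th>  \n"
    . "  <th align=\"right\" class=\"cradit\">powered by <a title=\"admin\@stephack.com\" target=\"_blank\" href=\"http://www.stephack.com\">windows98SE</a></th>\n"
    . "  </tr>\n"
    . "  </table></body></html>";

  # Buffered write errors (full disk, revoked permission) only surface when
  # the handle is closed. Report them so a truncated report is not mistaken
  # for a clean scan.
  close(OUTFILE) or warn "[+] Can't close report : $!\n";
}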
 
sub _path {
  # Normalise a path string: turn backslashes into forward slashes, trim
  # surrounding whitespace and drop a single trailing slash. Returns the
  # cleaned copy; the argument itself is left untouched.
  my ($path) = @_;
  $path =~ tr{\\}{/};
  $path =~ s{^\s+|\s+$}{}g;
  $path =~ s{/$}{};
  return $path;
}
 
sub _html {
  # Return the argument with HTML-special characters replaced by entities,
  # using encode_entities from HTML::Entities. Source lines copied into the
  # report pass through here so they display as text instead of being
  # interpreted as markup.
  my $escaped = encode_entities($_[0]);
  return $escaped;
}