EliteHackers / Programming / [perl] XSS Scanner
r3v
Moderator

Registered: 14 years ago
Posts: 1158


Code:

#!/usr/bin/perl
# Reflected-XSS check: lists a site's files over FTP, fetches each one over
# HTTP, and resubmits every form field with a marker to see if it is echoed.
use strict;
use warnings;
use IO::Socket;
use Net::FTP;

my $usage = "Usage: perl $0 <host> <username> <password> [<log file>]\n";
my $host = shift or die $usage;
my $user = shift or die $usage;
my $pass = shift or die $usage;
my $log_file = shift;
my $payload = "<script>alert(1)</script>";

# The FTP listing of the login directory is used as the list of pages to test.
my $ftp = Net::FTP->new($host) or die "Impossibile connettersi a $host.\n";
$ftp->login($user, $pass) or die "Errore durante il login.\n";
my @file = $ftp->ls();
$ftp->quit;

my $log = "Scansione sito: $host\n";

# Send one HTTP/1.0 request and return the whole response as a string.
sub http_request {
    my ($request) = @_;
    my $sock = IO::Socket::INET->new(
        PeerHost => $host,
        PeerPort => "80",
        Proto    => "tcp",
    ) or die "Impossibile connettersi a $host: $!\n";
    print $sock $request;
    my $page = "";
    while (<$sock>) {
        $page .= $_;
    }
    close($sock);
    return $page;
}

foreach my $file (@file) {
    my $page = http_request("GET /$file HTTP/1.0\r\nHost: $host\r\n\r\n");

    # Collect every named input/textarea together with its form's method.
    my (@variabili, @var_method);
    while ($page =~ /<form\b([^>]*)>(.*?)<\/form>/gis) {
        my ($attrs, $in_form) = ($1, $2);
        # A form without a method attribute is submitted with GET.
        my $method = $attrs =~ /method\s*=\s*['"]?(\w+)/i ? uc($1) : "GET";
        while ($in_form =~ /<(?:input|textarea)\b[^>]*?\bname\s*=\s*['"]([^'"]+)['"]/gis) {
            push @variabili, $1;
            push @var_method, $method;
        }
    }

    foreach my $i (0 .. $#variabili) {
        my $var = "$variabili[$i]=$payload";
        my $to_send;
        if ($var_method[$i] eq "GET") {
            $to_send = "GET /$file?$var HTTP/1.0\r\nHost: $host\r\n\r\n";
        }
        elsif ($var_method[$i] eq "POST") {
            # Posts back to the page itself; the form's action attribute is not parsed.
            $to_send = "POST /$file HTTP/1.0\r\n" .
                       "Host: $host\r\n" .
                       "Content-Type: application/x-www-form-urlencoded\r\n" .
                       "Content-Length: " . length($var) . "\r\n\r\n" .
                       $var;
        }
        else {
            die "$var_method[$i]: Metodo sconosciuto.\n";
        }
        my $page2 = http_request($to_send);

        # The field is reported when the marker comes back unescaped.
        if ($page2 =~ /<script>alert\(1\)<\/script>/) {
            print "/$file: $variabili[$i] vulnerabile.\n";
            $log .= "\n/$file: $variabili[$i] vulnerabile.";
        }
    }
}

# Write the collected results only when a log file was given.
if (defined $log_file && $log_file ne "") {
    open(my $log_fh, '>', $log_file) or die "Errore durante l'apertura del file: $!\n";
    print $log_fh $log;
    close($log_fh);
}



_______________________________________
http://thieves-team.com
r3vyk.info
mess id: only via PM, because 10000 retards who play Metin added me

posted 14 years ago
   