#!/usr/bin/perl
use warnings;
use LWP::UserAgent;
use Getopt::Std;
use IO::Socket;
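# Detect the host platform once; $^O holds the name of the OS this perl runs on.
my $osid;
my $os = $^O;
# Linux: clear the screen, set the terminal title and print kernel/host details.
if ($os =~ m/linux/) {
    $osid = 1;
    # system() returns the child's wait status rather than its output, so it
    # cannot be used to capture the kernel release or the uname string.
    # POSIX::uname() supplies the same facts without spawning a shell:
    # (sysname, nodename, release, version, machine).
    require POSIX;
    my @uname  = POSIX::uname();
    my $kernel = $uname[2];
    my $osinfo = join ' ', @uname;
    system('clear');
    print "OS info: \n";
    print "\n";
    # Set the terminal title with the xterm OSC 2 sequence (ESC ] 2 ; text BEL).
    # Handing that text to system() makes the shell try to execute it as
    # commands found on PATH instead of emitting the escape sequence.
    print "\e]2;vulnp0p v1.6 by perlp0pper\a";
    print "$os $kernel info: $osinfo\n";
}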
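# Windows: clear the console, set its title and print the OS name and version.
if ($os =~ m/MSWin32/) {
    $osid = 2;
    # Win32 is loaded at run time so the script still compiles on other
    # platforms. `last` is only legal inside a loop block, so a failed load is
    # handled with an ordinary branch that skips the OS details.
    if (eval { require Win32; 1 }) {
        my $osname = Win32::GetOSName();
        # NOTE(review): Win32::GetOSVersion() is documented as returning
        # (string, major, minor, build, id), so $id receives the build
        # number here - confirm which value was intended.
        my ($osver, $major, $minor, $id) = Win32::GetOSVersion();
        system('cls');
        print "OS info: \n";
        print "\n";
        system('title vulnp0p v1.6 by perlp0pper');
        print "$os $osname $osver.$major.$minor $id\n";
    }
    else {
        warn "Win32 module unavailable; skipping OS details: $@";
    }
}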
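# Banner, printed on every run before the command line is parsed.
print q{
########################################
# vulnp0p v2.1 by perlp0pper #
# ------------------------------------ #
# Anonymous group - join us at the irc #
# ./vulnp0p -h for help #
########################################
};
# Switches: -h, -g, -S, -R are flags; -u and -m take a value (see help()).
# %args is a package variable read by the rest of the script.
our %args;
# getopts() returns false on an unknown switch or a missing value; show the
# usage text and stop rather than continuing with a half-parsed command line.
if (!getopts("hu:SRm:g", \%args)) {
    help();
    exit 1;
}
# Explicit help request.
if (defined $args{h}) {
    help();
    exit;
}
# No mode selected at all. -g is part of this test so that the -g handler
# further down is reached when -g is the only mode given.
if (!defined $args{u} && !defined $args{m} && !defined $args{g}) {
    help();
    exit;
}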
# Print the usage text (options, checks and example invocations) to STDOUT.
# Takes no arguments; every entry below is emitted followed by a newline.
sub help {
    my $rule = '-------------------------------------------------------';
    my @usage_lines = (
        '',
        '',
        'usage: ./vulnp0p [OPTIONS] [VULNERABILITY]',
        '',
        'OPTIONS:',
        '',
        '-u <url> - scan single url',
        '-m <file> - scan url list in file',
        '-g - scan with google',
        '-h - displays help menu',
        '',
        'VULNERABILITIES:',
        '',
        '-S - runs SQLi scan',
        '-R - runs RFI scan',
        $rule,
        '',
        '',
        'ex. ./vulnp0p -u http://www.example.org/index.php?page=35 -S',
        ' ./vulnp0p -u http://www.example.org/index.php?page=main -R',
        ' ./vulnp0p -u http://www.example.org/index.php?page=home.php -S -S',
        ' ./vulnp0p -m url.txt -S -S',
        ' ./vulnp0p -g -S -S',
        '',
        '',
        $rule,
    );
    # Build one string so the output is identical to printing line by line.
    print join('', map { "$_\n" } @usage_lines);
}
# -g is listed in the usage text but has no implementation: say so and stop
# before either scan branch below runs.
if (defined $args{g}) {
    print "under construction\n";
    exit 0;
}
# -m <file>: read a list of URLs from <file> and run the selected checks
# (-S and/or -R) against each line in turn. All variables except $file, @urls
# and $url1 are undeclared package globals (the file does not enable strict).
if(defined $args{m}){
$ua1 = new LWP::UserAgent;
my $file = $args{m};
# NOTE(review): two-argument open on an operator-supplied path, using a
# bareword handle and ignoring the return value. If the file cannot be opened
# @urls is empty and the loop below silently does nothing. The three-argument
# form with a lexical handle and an `or die "...: $!"` is the safe equivalent.
open FILE, "<$file";
my @urls = <FILE>;
# Declared but never used in this block.
my $url1;
# Lines are not chomp()ed, so every $dork still ends in its newline when it is
# printed and when the probe URL is built from it.
foreach $dork(@urls){
print "###################################################################\n";
print "# $dork #\n";
print "###################################################################\n";
# Probe URL: the input line with a single quote appended. Built even when -S
# was not requested.
$sqliurl1 = "$dork'";
if(defined $args{S}){
# A fresh user agent replaces the one created before the loop.
$ua1 = new LWP::UserAgent;
print "[*] testing if $dork is vulnerable to sqli...\n";
print "[*] trying $sqliurl1 \n";
# POST with no form fields to the probe URL.
$test1 = $ua1->post($sqliurl1);
# NOTE(review): the three prints below are independent of each other. The
# first fires whenever the request did not succeed for any reason, the second
# whenever the response is not HTML, and the third always fires. The same
# target can therefore be reported as both vulnerable and not vulnerable;
# the output is not evidence either way.
print "[+] $dork is vulnerable to SQLi error: \n", $test1->status_line unless $test1->is_success;
print "[+] $dork is vulnerable SQLi\n", $test1->content_type unless $test1->content_is_html;
print "[-] $dork is not vulnerable to sqli\n";
}
if(defined $args{R}){
print "[*] testing if $dork is vulnerable to RFI...\n";
# NOTE(review): the pattern is anchored at both ends, so it only matches an
# input that is literally "index" + any character + "ph" with an optional
# final "p" (and optional trailing newline). A full URL never matches, which
# sends every URL to the else branch.
if($dork=~m/^index.php?$/){
@page1 = split('=', $dork);
# Single quotes: nothing is interpolated, so $RFIurl1 holds the literal text
# '$page1[0]=http://www.google.co.uk'.
$RFIurl1 = '$page1[0]=http://www.google.co.uk';
# Prints $RFIurl (no trailing 1), which is a different variable and is not
# assigned anywhere in this block.
print "[*] trying $RFIurl \n";
# Single quotes again: the request is made for the literal string '$RFIurl1'.
$get1 = $ua1 -> get('$RFIurl1');
# Re-opens the bareword handle FILE (used above for the URL list) in append
# mode in the current directory; two-argument form, return value unchecked,
# never closed.
open FILE, ">>RFItest.txt";
# Writes the value returned by get() itself rather than its body -
# presumably the default object stringification; confirm against LWP.
print FILE $get1;
# FILE is open for appending only, so this read yields nothing and the match
# below cannot succeed.
$search1 = <FILE>;
if($search1 =~ m/^google$/){
print "[+] $dork is vulnerable to RFI\n";
}
}
else{
print "[-] $dork is not vulnerable to RFI or $dork is not formed well\n";
}
}
}
}
# -u <url>: run the selected checks (-S and/or -R) against a single URL taken
# from the command line. Apart from $url, every variable here is an undeclared
# package global (the file does not enable strict).
if(defined $args{u}){
my $url = $args{u};
# Probe URL: the supplied URL with a single quote appended. Built even when
# -S was not requested.
$sqliurl = "$url'";
$ua = new LWP::UserAgent;
if(defined $args{S}){
print "[*] testing if $url is vulnerable to sqli...\n";
print "[*] trying $sqliurl \n";
# POST with no form fields to the probe URL.
$test = $ua->post($sqliurl);
# NOTE(review): the three prints below are independent of each other. The
# first fires whenever the request did not succeed for any reason, the second
# whenever the response is not HTML, and the third always fires. The same
# target can therefore be reported as both vulnerable and not vulnerable;
# the output is not evidence either way.
print "[+] $url is vulnerable to SQLi error: \n", $test->status_line unless $test->is_success;
print "[+] $url is vulnerable to SQLi\n", $test->content_type unless $test->content_is_html;
print "[-] $url is not vulnerable to sqli\n";
}
if(defined $args{R}){
print "[*] testing if $url is vulnerable to RFI...\n";
# NOTE(review): the pattern is anchored at both ends, so it only matches an
# input that is literally "index" + any character + "ph" with an optional
# final "p". A full URL never matches, which sends every URL to the else
# branch.
if($url=~m/^index.php?$/){
@page = split('=', $url);
# Single quotes: nothing is interpolated, so $RFIurl holds the literal text
# '$page[0]=http://www.google.co.uk'.
$RFIurl = '$page[0]=http://www.google.co.uk';
print "[*] trying $RFIurl \n";
# Single quotes again: the request is made for the literal string '$RFIurl'.
$get = $ua -> get('$RFIurl');
# Bareword handle opened in append mode in the current directory; two-argument
# form, return value unchecked, never closed.
open FILE, ">>RFItest.txt";
# Writes the value returned by get() itself rather than its body -
# presumably the default object stringification; confirm against LWP.
print FILE $get;
# FILE is open for appending only, so this read yields nothing and the match
# below cannot succeed.
$search = <FILE>;
if($search =~ m/^google$/){
print "[+] $url is vulnerable to RFI\n";
}
}
else{
print "[-] $url is not vulnerable to RFI or $url is not formed well\n";
}
}
}