Web Application Vulnerability Scanner


SUBMITTED BY: Guest

DATE: Jan. 1, 2014, 8:12 p.m.

FORMAT: Perl

SIZE: 5.1 kB


  1. #!/usr/bin/perl
  2. use warnings;
  3. use LWP::UserAgent;
  4. use Getopt::Std;
  5. use IO::Socket;
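  # Host OS detection for the start-up display.
  # $osid records the platform (1 = Linux, 2 = Windows) and stays undef on
  # anything else; $os is Perl's own platform name.
  my $osid;
  my $os = $^O;
  if ($os =~ m/linux/) {
      $osid = 1;

      # system() returns the child's exit status, not its output, so storing
      # its result printed status codes instead of the kernel release and the
      # uname line. Read the release file directly and capture uname's output.
      my $kernel = 'unknown';
      if (open my $release_fh, '<', '/proc/sys/kernel/osrelease') {
          my $release = <$release_fh>;
          close $release_fh;
          if (defined $release) {
              chomp $release;
              $kernel = $release;
          }
      }
      my $osinfo = `uname -a`;    # fixed command string, nothing interpolated
      if (defined $osinfo && length $osinfo) {
          chomp $osinfo;
      }
      else {
          $osinfo = 'unknown';
      }

      system('clear');
      print "OS info: \n";
      print "\n";

      # The original handed the text "ESC]2;...BEL" to system(). The shell
      # splits that at ';' and tries to run "ESC]2" and then whatever program
      # named "vulnp0p" is first on PATH. Presumably the xterm set-title
      # sequence was intended, so emit it as an escape sequence instead, and
      # only when STDOUT is a terminal.
      print "\e]2;vulnp0p v1.6 by perlp0pper\a" if -t STDOUT;
      print "$os $kernel info: $osinfo\n";
  }
  if ($os =~ m/MSWin32/) {
      $osid = 2;

      # "eval { ... } or last" ran `last` outside any loop when Win32 could
      # not be loaded, which is a fatal error. Record whether the module
      # loaded and fall back to the bare platform name when it did not.
      my $have_win32 = eval { require Win32; 1 };

      system('cls');
      print "OS info: \n";
      print "\n";
      system('title vulnp0p v1.6 by perlp0pper');

      if ($have_win32) {
          my $osname = Win32::GetOSName();

          # Per the Win32 module documentation the list is
          # (string, major, minor, build, id, ...); the fourth element is the
          # build number, not the platform id.
          my ($osver, $major, $minor, $build) = Win32::GetOSVersion();
          print "$os $osname $osver.$major.$minor $build\n";
      }
      else {
          print "$os\n";
      }
  }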
  # Start-up banner, written on every run before the switches are parsed.
  # The list is joined with newlines; the empty first and last entries give
  # the leading and trailing line breaks.
  print join(
      "\n",
      '',
      '########################################',
      '# vulnp0p v2.1 by perlp0pper #',
      '# ------------------------------------ #',
      '# Anonymous group - join us at the irc #',
      '# ./vulnp0p -h for help #',
      '########################################',
      '',
  );
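  # Parse the command-line switches into the global %args:
  #   -h, -S, -R, -g are flags; -u and -m each take a value.
  # The return value of getopts() is ignored, so an unknown switch only
  # produces Getopt::Std's own warning and parsing carries on.
  getopts("hu:SRm:g", \%args);

  # Show the usage text and stop when help was asked for, or when no mode
  # (-u, -m or -g) was selected. The original test left -g out of the second
  # condition, so "-g" on its own printed the help text and never reached the
  # -g handler further down, contradicting the "-g" example in help().
  # help() is called with parentheses: "&help;" passes the caller's @_ along.
  if (defined $args{h}
      || (!defined $args{u} && !defined $args{m} && !defined $args{g})) {
      help();
      exit;
  }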
  # Write the usage text to STDOUT: the option summary, the two scan switches
  # and the example invocations. Takes no arguments; returns print's result.
  sub help {
      my $rule = '-------------------------------------------------------';

      # One entry per output line; empty entries are the blank lines.
      my @usage_lines = (
          '',
          '',
          'usage: ./vulnp0p [OPTIONS] [VULNERABILITY]',
          '',
          'OPTIONS:',
          '',
          '-u <url> - scan single url',
          '-m <file> - scan url list in file',
          '-g - scan with google',
          '-h - displays help menu',
          '',
          'VULNERABILITIES:',
          '',
          '-S - runs SQLi scan',
          '-R - runs RFI scan',
          $rule,
          '',
          '',
          'ex. ./vulnp0p -u http://www.example.org/index.php?page=35 -S',
          ' ./vulnp0p -u http://www.example.org/index.php?page=main -R',
          ' ./vulnp0p -u http://www.example.org/index.php?page=home.php -S -S',
          ' ./vulnp0p -m url.txt -S -S',
          ' ./vulnp0p -g -S -S',
          '',
          '',
          $rule,
      );

      print map { "$_\n" } @usage_lines;
  }
  # -g (search-engine mode) is accepted but not implemented: print a notice
  # and leave before any scan code runs.
  my $google_mode = defined $args{g};
  if ($google_mode) {
      print "under construction\n";
      exit;
  }
  # Batch mode (-m <file>): read a list of URLs, one per line, and run the
  # checks selected with -S and/or -R against each entry in turn.
  if(defined $args{m}){
      # No options are passed to the constructor, so LWP's defaults apply to
      # every request (that includes the library's default User-Agent header).
      $ua1 = new LWP::UserAgent;
      my $file = $args{m};
      # NOTE(review): two-argument open on a bareword handle, result not
      # checked. If the list cannot be opened, @urls is empty and the loop
      # below silently does nothing.
      open FILE, "<$file";
      # Whole file is read at once; the lines keep their line terminators
      # (there is no chomp anywhere in this block).
      my @urls = <FILE>;
      my $url1;    # not used anywhere in this block
      foreach $dork(@urls){
          print "###################################################################\n";
          print "# $dork #\n";
          print "###################################################################\n";
          # The quote is appended after the unchomped line, i.e. behind the
          # newline -- TODO confirm what LWP actually puts on the wire.
          $sqliurl1 = "$dork'";
          if(defined $args{S}){
              $ua1 = new LWP::UserAgent;
              print "[*] testing if $dork is vulnerable to sqli...\n";
              print "[*] trying $sqliurl1 \n";
              # Sends a POST with no form fields to the modified URL.
              $test1 = $ua1->post($sqliurl1);
              # NOTE(review): the verdict never looks at the response body.
              # "Vulnerable" is printed for any non-2xx status and again for
              # any non-HTML content type, and the "not vulnerable" line
              # below is printed unconditionally, so each target gets
              # contradictory output and none of it is evidence either way.
              print "[+] $dork is vulnerable to SQLi error: \n", $test1->status_line unless $test1->is_success;
              print "[+] $dork is vulnerable SQLi\n", $test1->content_type unless $test1->content_is_html;
              print "[-] $dork is not vulnerable to sqli\n";
          }
          if(defined $args{R}){
              print "[*] testing if $dork is vulnerable to RFI...\n";
              # The pattern is anchored at both ends, so it only matches a
              # line that is just the bare file name; any entry with a
              # scheme, host or query string falls through to the else branch.
              if($dork=~m/^index.php?$/){
                  @page1 = split('=', $dork);
                  # Single-quoted: the literal text is stored, nothing is
                  # interpolated.
                  $RFIurl1 = '$page1[0]=http://www.google.co.uk';
                  # Prints $RFIurl, which this block never assigns (the
                  # variable set above is $RFIurl1).
                  print "[*] trying $RFIurl \n";
                  # Single-quoted again: get() receives the literal string
                  # '$RFIurl1', not the contents of the variable.
                  $get1 = $ua1 -> get('$RFIurl1');
                  # NOTE(review): reuses the bareword handle FILE, opens a
                  # fixed file name in the current directory for append, and
                  # does not check the result.
                  open FILE, ">>RFItest.txt";
                  # Writes the value returned by get() itself, not a body
                  # extracted from it.
                  print FILE $get1;
                  # FILE is open for append only, so this read cannot return
                  # what was just written; the match below therefore never
                  # sees response content.
                  $search1 = <FILE>;
                  if($search1 =~ m/^google$/){
                      print "[+] $dork is vulnerable to RFI\n";
                  }
              }
              else{
                  print "[-] $dork is not vulnerable to RFI or $dork is not formed well\n";
              }
          }
      }
  }
  # Single-URL mode (-u <url>): run the checks selected with -S and/or -R
  # against the one URL given on the command line.
  if(defined $args{u}){
      my $url = $args{u};
      # Probe URL: the command-line value with a single quote appended.
      $sqliurl = "$url'";
      # No options are passed to the constructor, so LWP's defaults apply to
      # every request (that includes the library's default User-Agent header).
      $ua = new LWP::UserAgent;
      if(defined $args{S}){
          print "[*] testing if $url is vulnerable to sqli...\n";
          print "[*] trying $sqliurl \n";
          # Sends a POST with no form fields to the modified URL.
          $test = $ua->post($sqliurl);
          # NOTE(review): the verdict never looks at the response body.
          # "Vulnerable" is printed for any non-2xx status and again for any
          # non-HTML content type, and the "not vulnerable" line is printed
          # unconditionally, so the output contradicts itself and is not
          # evidence either way.
          print "[+] $url is vulnerable to SQLi error: \n", $test->status_line unless $test->is_success;
          print "[+] $url is vulnerable to SQLi\n", $test->content_type unless $test->content_is_html;
          print "[-] $url is not vulnerable to sqli\n";
      }
      if(defined $args{R}){
          print "[*] testing if $url is vulnerable to RFI...\n";
          # The pattern is anchored at both ends, so it only matches when the
          # whole argument is just the bare file name; a value with a scheme,
          # host or query string falls through to the else branch.
          if($url=~m/^index.php?$/){
              @page = split('=', $url);
              # Single-quoted: the literal text is stored, nothing is
              # interpolated.
              $RFIurl = '$page[0]=http://www.google.co.uk';
              print "[*] trying $RFIurl \n";
              # Single-quoted again: get() receives the literal string
              # '$RFIurl', not the contents of the variable.
              $get = $ua -> get('$RFIurl');
              # NOTE(review): bareword handle, fixed file name in the current
              # directory opened for append, result not checked.
              open FILE, ">>RFItest.txt";
              # Writes the value returned by get() itself, not a body
              # extracted from it.
              print FILE $get;
              # FILE is open for append only, so this read cannot return what
              # was just written; the match below therefore never sees
              # response content.
              $search = <FILE>;
              if($search =~ m/^google$/){
                  print "[+] $url is vulnerable to RFI\n";
              }
          }
          else{
              print "[-] $url is not vulnerable to RFI or $url is not formed well\n";
          }
      }
  }
