#!/usr/bin/perl

use warnings;

use LWP::UserAgent;
use Getopt::Std;
use IO::Socket;



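# Work out which platform the script is running on and print a one-line OS
# summary. $osid is set to 1 on Linux and 2 on Windows; it stays undefined
# on any other platform.
my $osid;
my $os = $^O;
if ($os =~ m/linux/) {
    $osid = 1;

    # system() returns the child's wait status, not its output, so the
    # values shown in the summary are captured here instead of being taken
    # from system()'s return value.
    my $kernel = '';
    if (open my $release_fh, '<', '/proc/sys/kernel/osrelease') {
        my $release = <$release_fh>;
        close $release_fh;
        $kernel = $release if defined $release;
        chomp $kernel;
    }
    my $osinfo = qx(uname -a);
    $osinfo = '' unless defined $osinfo;
    chomp $osinfo;

    system('clear');
    print "OS info: \n";
    print "\n";

    # Set the terminal title by printing the xterm title sequence. Passing
    # that text to system() handed it to the shell, which treats ';' as a
    # command separator and would try to execute whatever "vulnp0p"
    # resolves to on the operator's PATH. Only emit it on a real terminal
    # so redirected output stays clean.
    print "\e]2;vulnp0p v1.6 by perlp0pper\a" if -t STDOUT;
    print "$os $kernel info: $osinfo\n";
}
if ($os =~ m/MSWin32/) {
    $osid = 2;
    system('cls');
    print "OS info: \n";
    print "\n";
    system('title vulnp0p v1.6 by perlp0pper');

    # "eval { ... } or last" is a runtime error outside a loop, so a missing
    # Win32 module aborted the script. Fall back to the bare platform name.
    if (eval { require Win32; 1 }) {
        my $osname = Win32::GetOSName();

        # The fourth element returned by GetOSVersion is the build number.
        my ($osver, $major, $minor, $build) = Win32::GetOSVersion();
        print "$os $osname $osver.$major.$minor $build\n";
    }
    else {
        print "$os\n";
    }
}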




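# Tool banner, printed on every run before option parsing.
print q{
########################################
# vulnp0p v2.1 by perlp0pper           #
# ------------------------------------ #
# Anonymous group - join us at the irc #
# ./vulnp0p -h for help                #
########################################
};

# Parse the command line into %args. -u and -m take a value; -h, -S, -R and
# -g are plain switches. getopts() returns false when it meets an option it
# does not know, so show the usage text and stop instead of carrying on with
# a half-parsed command line.
our %args;
if (!getopts("hu:SRm:g", \%args)) {
    help();
    exit 1;
}

# Explicit request for help.
if (defined $args{h}) {
    help();
    exit;
}

# No mode selected at all. -g counts as a mode: the usage text advertises it,
# and without this the -g handler further down could never run on its own.
if (!defined $args{u} && !defined $args{m} && !defined $args{g}) {
    help();
    exit;
}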


# Print the usage screen: the option list, the scan switches and a few
# example invocations. Takes no arguments and writes to the currently
# selected output handle.
sub help {
    # One entry per output line; an empty string is a blank line.
    my @screen = (
        '',
        '',
        'usage: ./vulnp0p [OPTIONS] [VULNERABILITY]',
        '',
        'OPTIONS:',
        '',
        '-u <url>  - scan single url',
        '-m <file> - scan url list in file',
        '-g        - scan with google',
        '-h        - displays help menu',
        '',
        'VULNERABILITIES:',
        '',
        '-S     - runs SQLi scan',
        '-R     - runs RFI scan',
        '-------------------------------------------------------',
        '',
        '',
        'ex. ./vulnp0p -u http://www.example.org/index.php?page=35 -S',
        '    ./vulnp0p -u http://www.example.org/index.php?page=main -R',
        '    ./vulnp0p -u http://www.example.org/index.php?page=home.php -S -S',
        '    ./vulnp0p -m url.txt -S -S',
        '    ./vulnp0p -g -S -S',
        '',
        '',
        '-------------------------------------------------------',
    );

    print map { "$_\n" } @screen;
}

# -g (search-engine mode) is an unimplemented stub: say so and stop before
# any of the scan branches below run.
my $google_mode_requested = defined $args{g};
if ($google_mode_requested) {
    print "under construction\n";
    exit 0;
}
# Batch mode (-m <file>): read a list of entries from a file and run the
# selected checks (-S and/or -R) against each line in turn.
if(defined $args{m}){
# Indirect-object constructor call; LWP::UserAgent->new is the unambiguous form.
$ua1 = new LWP::UserAgent;
my $file = $args{m};
# NOTE(review): two-argument open on a bareword handle, with the
# operator-supplied name interpolated into the mode string and the result
# never checked. If the file cannot be opened, the list below is simply
# empty and the run ends without saying why.
open FILE, "<$file";
# Reads every line at once. There is no chomp, so each entry keeps its
# trailing newline for the rest of the loop.
my @urls = <FILE>;
# Not used anywhere in this branch.
my $url1;
# $dork is a package variable (no "my"), localized by foreach for the loop.
foreach $dork(@urls){
# Because $dork still ends in a newline, the middle banner line is split in two.
print "###################################################################\n";
print "# $dork                                                           #\n";
print "###################################################################\n";

# Appends a single quote to the entry. With the newline still attached, the
# quote lands after the line break rather than at the end of the URL text.
$sqliurl1 = "$dork'";

if(defined $args{S}){
# Replaces the user agent created at the top of the branch on every iteration.
$ua1 = new LWP::UserAgent;

print "[*] testing if $dork is vulnerable to sqli...\n";

print "[*] trying $sqliurl1 \n";

# POST with no form fields; only the URL string is passed.
$test1 = $ua1->post($sqliurl1);

# NOTE(review): the three prints below do not form a decision. The first
# fires on any response that is not a success status, the second on any
# response whose content type is not HTML, and the last is unconditional,
# so one entry can be reported as both "vulnerable" and "not vulnerable".
# Nothing here looks at the response body, so none of these lines is
# evidence about the target either way.
print "[+] $dork is vulnerable to SQLi error: \n", $test1->status_line unless $test1->is_success;
print "[+] $dork is vulnerable SQLi\n", $test1->content_type unless $test1->content_is_html;




print "[-] $dork is not vulnerable to sqli\n";
}



if(defined $args{R}){

print "[*] testing if $dork is vulnerable to RFI...\n";


# NOTE(review): the pattern is anchored at both ends, so it matches only an
# entry whose whole text is "index.php"-like ("." matches any character and
# the final "p" is optional). An entry that starts with a scheme and host
# never matches and falls through to the else branch.
if($dork=~m/^index.php?$/){
@page1 = split('=', $dork);
# Single quotes: no interpolation, so this holds the literal characters
# "$page1[0]=..." and the split result above is never used.
$RFIurl1 = '$page1[0]=http://www.google.co.uk';

# Prints $RFIurl, not $RFIurl1; $RFIurl is not assigned in this branch.
print "[*] trying $RFIurl \n";
# Single quotes again: the literal text "$RFIurl1" is passed, not the variable.
$get1 = $ua1 -> get('$RFIurl1');
# NOTE(review): reuses the bareword FILE handle, opened for append in the
# current working directory, unchecked and never closed. What gets written
# is the stringified response object, not a response body.
open FILE, ">>RFItest.txt";
print FILE $get1;
# The handle is open for appending only, so this read yields nothing to match.
$search1 = <FILE>;
if($search1 =~ m/^google$/){
print "[+] $dork is vulnerable to RFI\n";


}

}
else{
# Reached for every entry the anchored pattern above rejects; the message
# does not distinguish "not tested" from "tested and negative".
print "[-] $dork is not vulnerable to RFI or $dork is not formed well\n";
}
}
}
}





# Single-target mode (-u <url>): run the selected checks (-S and/or -R)
# against the one value given on the command line.
if(defined $args{u}){
my $url = $args{u};
# The command-line value with a single quote appended.
$sqliurl = "$url'";
# Indirect-object constructor call; LWP::UserAgent->new is the unambiguous form.
$ua = new LWP::UserAgent;


if(defined $args{S}){

print "[*] testing if $url is vulnerable to sqli...\n";

print "[*] trying $sqliurl \n";

# POST with no form fields; only the URL string is passed.
$test = $ua->post($sqliurl);
# NOTE(review): these prints do not form a decision. The first fires on any
# response that is not a success status, the second on any response whose
# content type is not HTML, and the last one is unconditional, so the same
# run can print both "vulnerable" and "not vulnerable". The response body
# is never examined, so the output is not evidence about the target.
print "[+] $url is vulnerable to SQLi error: \n", $test->status_line unless $test->is_success;
print "[+] $url is vulnerable to SQLi\n", $test->content_type unless $test->content_is_html;




print "[-] $url is not vulnerable to sqli\n";
}



if(defined $args{R}){

print "[*] testing if $url is vulnerable to RFI...\n";


# NOTE(review): anchored at both ends, so only a value whose whole text is
# "index.php"-like matches ("." matches any character, the final "p" is
# optional). A value that starts with a scheme and host goes to the else
# branch.
if($url=~m/^index.php?$/){
@page = split('=', $url);
# Single quotes: no interpolation, so this is the literal text
# "$page[0]=..." and the split result above is never used.
$RFIurl = '$page[0]=http://www.google.co.uk';

print "[*] trying $RFIurl \n";
# Single quotes again: the literal text "$RFIurl" is passed, not the variable.
$get = $ua -> get('$RFIurl');
# NOTE(review): two-argument open on a bareword handle, append mode, in the
# current working directory, unchecked and never closed. What gets written
# is the stringified response object, not a response body.
open FILE, ">>RFItest.txt";
print FILE $get;
# The handle is open for appending only, so this read yields nothing to match.
$search = <FILE>;
if($search =~ m/^google$/){
print "[+] $url is vulnerable to RFI\n";


}

}
else{
# Reached for every value the anchored pattern above rejects; the message
# does not distinguish "not tested" from "tested and negative".
print "[-] $url is not vulnerable to RFI or $url is not formed well\n";
}
}
}