
漏洞掃描php實現代碼

編輯:關於PHP編程

#!/usr/bin/php -q
<?php

/**
*     Php Vulnerability Scanner by KingOfSka @ http://www.contropoterecrew.org
*    still very early release, just for testing and coding purpose :)
*   
*    Changelog:
*   
*    12/09/06    Version 0.1 : First "working" version, should work on "almost" site, report any bug to help me :)
*    25/09/06        0.2 : Better crawling, less bandwidth/resource usage, speed improved, better vuln finding code
*
**/

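// Banner printed on every run. The string delimiters were missing in this copy
// of the script, so PHP could not parse the file; they are restored here.
echo '
-------------------------------------------------------------------------------
Php Vulnerability Scanner by KingOfska @ http://contropotere.netsons.org
    kingofska [at] gmail [dot] com
-------------------------------------------------------------------------------
';

// Without a host argument there is nothing to scan: print the usage text and stop.
if ($argc < 2) {
    echo '
Early release, please send bug report to help improving this script
--------------------------------------------------------------------------------
Usage: ' . $argv[0] . ' host [start_path][port][debug]
host:      target server (ip/hostname)
path:      path from which to start scanning, if none entered starts from /
port:       port of the http server, default 80

Examples:
' . $argv[0] . ' localhost /folder/script.php 81

--------------------------------------------------------------------------------
';
    die;
}

$host = $argv[1]; // Insert the host site i.e. : www.website.com

// The start path is optional. Reading $argv[2] unconditionally raised an
// undefined-offset notice when only the host was given; an empty string keeps
// the "nothing entered" case explicit for the code that consumes it.
$start_page = isset($argv[2]) ? $argv[2] : '';     // Insert the start page for the scan, if empty will start from index.*

// The usage text documents a port argument, but the value was hard-coded.
// Honour it when present and reject anything that is not a TCP port number,
// since the value is later handed to fsockopen() as-is.
$port = 80;
if (isset($argv[3])) {
    if (!preg_match('/^[0-9]{1,5}$/', $argv[3]) || (int) $argv[3] < 1 || (int) $argv[3] > 65535) {
        die("Invalid port: expected a number between 1 and 65535\n");
    }
    $port = (int) $argv[3];
}

// Quoted explicitly: the bare words id and page are undefined constants, which
// is a fatal error on PHP 8. Presumably extra parameter names to probe; the
// code that reads this array is not part of this excerpt.
$additional_vars = array('id', 'page');

// Marker values that test_form() substitutes, url-encoded, for each form
// variable: a plain number, the XSS locator string, and the name of a file that
// should not exist. How a response is judged is decided in do_test(), which is
// not shown here.
$locator = array("123", '\';!--"<XSS>=&{()}', 'some_inexisistent_file_to_include.php'); //XSS Locator from ha.ckers.org

// When TRUE, test_form() echoes every request before sending it.
// NOTE(review): the usage text lists a [debug] argument, but nothing reads it;
// the flag stays hard-coded as in the original.
$debug = TRUE;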
/**    Compatibility for php < 5
*    stripos() function made by rchillet at hotmail dot com
*
*/
if (function_exists("stripos") === false) {
    /**
     * Fallback for PHP builds that lack stripos(): a case-insensitive strpos().
     *
     * Both strings are lower-cased with strtolower() before the search, so the
     * comparison is byte-wise and only folds the case strtolower() handles.
     *
     * @param string $str    Text to search in
     * @param string $needle Text to look for
     * @param int    $offset Position in $str at which the search starts
     * @return int|false Position of the first match, or FALSE when there is none
     */
    function stripos($str, $needle, $offset = 0)
    {
        $lowered_haystack = strtolower($str);
        $lowered_needle = strtolower($needle);

        return strpos($lowered_haystack, $lowered_needle, $offset);
    }
}
/**
*    Do not edit below unless you know what you do...
*/
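// Connection counter printed in the final summary; presumably incremented by
// the request helpers, which are outside this excerpt.
$reqmade = 0;
$time_start = getmicrotime();
set_time_limit(0);           // no execution time limit for the crawl
error_reporting(E_ERROR);    // only fatal errors are reported from here on

// Each bookkeeping array starts with one empty string, as in the original
// (the '' literals were missing in this copy, leaving "[]=;" syntax errors).
// NOTE(review): because of this seed, count($checkedpages) below is one higher
// than the number of pages recorded, unless code elsewhere removes it -- confirm.
$checkedpages[] = '';
$result[] = '';
$links[] = '';
$checkedlinks[] = '';

// URLs taken from crawled pages and the server's response headers are chosen by
// the scanned site. Control characters are replaced before such values are
// echoed so that a response cannot send escape sequences to the operator's
// terminal or forge lines in a saved report.
$unprintable = '/[\x00-\x1F\x7F]/';

// NOTE(review): the messages below end in a space where a line break would be
// expected; the escape sequences may have been lost in this copy -- confirm
// against the original before changing the strings.
echo "Starting scan on $host: Starting page: $start_page ";
$site_links = index_site();
$count = count($site_links);
echo "Starting to scan $count pages... ";

foreach ($site_links as $cur) {
    echo "Testing: " . preg_replace($unprintable, '?', (string) $cur) . " ";
    test_page($cur);
}

$time_end = getmicrotime();
// substr(..., 0, 4) cut the elapsed time to four characters, which drops digits
// once a scan runs for 10000 seconds or more and mangles values PHP prints in
// exponent notation; format the number instead.
$result['time'] = sprintf('%.2f', $time_end - $time_start);
$result['connections'] = $reqmade;
$result['scanned'] = count($checkedpages);

echo "Report:";

// $result['vuln'] is only set once something has been recorded (outside this
// excerpt), so a scan without findings must not iterate over a missing key.
$findings = (isset($result['vuln']) && is_array($result['vuln'])) ? $result['vuln'] : array();
foreach ($findings as $type => $url) {
    echo " $type vulnerability found: ";
    $url = array_unique((array) $url);
    foreach ($url as $cur) {
        echo preg_replace($unprintable, '?', (string) $cur) . " ";
    }
}

$server = get_server_info();
// Either key may be absent when the server does not disclose the value.
$software = isset($server['software']) ? (string) $server['software'] : '';
$powered = isset($server['powered']) ? (string) $server['powered'] : '';
echo " Additional infos: ";
echo "Site running on: " . preg_replace($unprintable, '?', $software) . " ";
echo "Powered by: " . preg_replace($unprintable, '?', $powered) . " ";
echo "Scan took ".$result['time']." seconds to scan ".$result['scanned']." pages using ".$result['connections']." connections ";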

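/**
 * Builds the list of pages to scan, starting from the global $start_page.
 *
 * Links are fetched from the start page, then from each page it links to; the
 * links found in that second pass are merged, passed through clean_array(),
 * de-duplicated, and the start page itself is appended before sorting.
 * get_links() and clean_array() are defined elsewhere in the file; the second
 * argument to get_links() is passed through unchanged.
 *
 * @return array Sorted list of links to test
 */
function index_site(){
    global $start_page;

    // The original line here was "array($links);", an expression with no effect
    // that left $links undefined. array_merge_recursive() then received NULL,
    // which is a TypeError on PHP 8 and yields NULL on older versions.
    $links = array();

    $first_level = get_links($start_page, true);
    if (is_array($first_level)) {
        foreach ($first_level as $cur) {
            $second_level = get_links($cur, true);
            // Skip pages for which no link list came back (e.g. a failed fetch).
            if (is_array($second_level)) {
                $links = array_merge_recursive($links, $second_level);
            }
        }
    }

    $links = array_unique(clean_array($links));
    $links[] = $start_page;
    sort($links);

    return $links;
}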


/**
* Tests a form using the global vuln locator, with both the GET and POST methods, and prints the result to screen
* @author KingOfSka <[email protected]>
* @param array $form Form to test
* @return void
*/

function test_form($form){
$ret = ;
$tmp = ;
global $host,$port,$locator,$debug,$result ;
if($form[action][0] != / AND stripos($form[action],http://) === FALSE ){$form[action] = /.$form[action];}
if ($form[method] = get){
foreach($form[vars] as $current){
        foreach($locator as $testing){
        $testing = urlencode($testing);
        $conn = fsockopen ("$host", $port, $errno, $errstr, 30);
            if (!$conn) {
                echo "$errstr ($errno)<br> ";
            } else {
                if (!stripos(?,$data[action])){
                $req = "GET ".$form[action]."?$current=$testing HTTP/1.0 Host: $host Connection: Close ";
                }else{
                $req= "GET ".$form[action]."&$current=$testing HTTP/1.0 Host: $host Connection: Close ";
                }
                if ($debug == TRUE){echo $req;}
                fputs ($conn, $req);
                while (!feof($conn)) {
                $tmp .= fgets ($conn,128);
               
                }
            fclose ($conn);
               
                do_test($tmp,$form[action],$current);
               
                $tmp = ;
            }
        }
    }

}else if ($form[method] = post){

foreach($form[vars] as $current){
        foreach($locator as $testing){
        $testing = urlencode($testing);
        $conn = fsockopen ("$host", $port, $errno, $errstr, 30);
       &nbs
