Fixing bug and Adding Subdomain Scanner
parent
d1311a4f85
commit
60647675a4
|
@ -0,0 +1,22 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Subdomain Scanner</title>
|
||||||
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
||||||
|
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
||||||
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container">
|
||||||
|
<h1 class="text-center my-5">Subdomain Scanner</h1>
|
||||||
|
<form action="result.php" method="POST" align="center" class="my-5">
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="wordpress">Input Website</label>
|
||||||
|
<input class="form-control" name="subdomain">
|
||||||
|
</div>
|
||||||
|
<button type="submit" class="btn btn-primary">Submit</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,45 @@
|
||||||
|
<?php
|
||||||
|
error_reporting(0);
|
||||||
|
$nomer = 1;
|
||||||
|
$input = $_POST['subdomain'];
|
||||||
|
|
||||||
|
$url = parse_url($input, PHP_URL_HOST);
|
||||||
|
|
||||||
|
$ch = curl_init();
|
||||||
|
curl_setopt($ch, CURLOPT_URL, "https://sonar.omnisint.io/subdomains/".$url);
|
||||||
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
||||||
|
$output = curl_exec($ch);
|
||||||
|
curl_close($ch);
|
||||||
|
|
||||||
|
$json = json_decode($output, true);
|
||||||
|
?>
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title>Result Subdomain</title>
|
||||||
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
||||||
|
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
||||||
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
||||||
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="container">
|
||||||
|
<h1>List Subdomain</h1>
|
||||||
|
<table class="table table-bordered">
|
||||||
|
<tr>
|
||||||
|
<th>No.</th>
|
||||||
|
<th>List Subdomain</th>
|
||||||
|
<tr>
|
||||||
|
<?php
|
||||||
|
for($i=0; $i < count($json); $i++) {
|
||||||
|
$target = "_blank";
|
||||||
|
echo "<tr>";
|
||||||
|
echo "<td>".$nomer++."</td>";
|
||||||
|
echo "<td><a target='".$target."' href='http://".$json[$i]."'>".$json[$i]."</a></td>";
|
||||||
|
echo "</tr>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</table>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -10,7 +10,7 @@
|
||||||
<body>
|
<body>
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<h1 class="text-center my-5">Wordpress Scanner</h1>
|
<h1 class="text-center my-5">Wordpress Scanner</h1>
|
||||||
<form action="result.php" method="post" align="center" class="my-5">
|
<form action="result.php" method="POST" align="center" class="my-5">
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="wordpress">Input Website </label>
|
<label for="wordpress">Input Website </label>
|
||||||
<input class="form-control" name="wordpress">
|
<input class="form-control" name="wordpress">
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
error_reporting(0);
|
error_reporting(0);
|
||||||
$nomer = 1;
|
$nomer = 1;
|
||||||
$input = $_POST['wordpress'];
|
$input = addhttp($_POST['wordpress']);
|
||||||
|
|
||||||
$url = $input.'/wp-json/wp/v2/users';
|
$url = $input.'/wp-json/wp/v2/users';
|
||||||
|
|
||||||
|
@ -29,21 +29,28 @@ error_reporting(0);
|
||||||
//xmlrpc
|
//xmlrpc
|
||||||
$url18 = $input.'/xmlrpc.php';
|
$url18 = $input.'/xmlrpc.php';
|
||||||
|
|
||||||
$output = file_get_contents($url);
|
function addhttp($url) {
|
||||||
$json = json_decode($output, true);
|
if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
|
||||||
|
$url = "http://" . $url;
|
||||||
|
}
|
||||||
|
return $url;
|
||||||
|
}
|
||||||
|
|
||||||
function getHttpcode($url){
|
function getHttpcode($url){
|
||||||
$ch = curl_init($url);
|
$ch = curl_init($url);
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true); // we want headers
|
curl_setopt($ch, CURLOPT_HEADER, true); // we want headers
|
||||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
curl_setopt($ch, CURLOPT_NOBODY, true);
|
||||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
||||||
curl_setopt($ch, CURLOPT_TIMEOUT,10);
|
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
|
||||||
$output = curl_exec($ch);
|
$output = curl_exec($ch);
|
||||||
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||||
curl_close($ch);
|
curl_close($ch);
|
||||||
return $httpcode;
|
return $httpcode;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$output = file_get_contents($url);
|
||||||
|
$json = json_decode($output, true);
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
|
@ -55,20 +62,20 @@ error_reporting(0);
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
||||||
<style type="text/css">
|
<style type="text/css">
|
||||||
a {
|
a {
|
||||||
font-size: 1.25em;
|
font-size: 1em;
|
||||||
margin: 25px 0px;
|
margin: 25px 0px;
|
||||||
}
|
}
|
||||||
h1 {
|
h3 {
|
||||||
margin: 25px 0px;
|
margin: 30px 0px;
|
||||||
}
|
}
|
||||||
</style>
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<h1>List WordPress Username</h1>
|
<h3>List WordPress Username</h3>
|
||||||
<table class="table table-bordered">
|
<table class="table table-bordered">
|
||||||
<tr>
|
<tr>
|
||||||
<th>Nomer</th>
|
<th>Number</th>
|
||||||
<th>Username Wordpress</th>
|
<th>Username Wordpress</th>
|
||||||
<tr>
|
<tr>
|
||||||
<?php
|
<?php
|
||||||
|
@ -80,68 +87,68 @@ error_reporting(0);
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</table>
|
</table>
|
||||||
<h1 class="border-top border-dark">Denial of Service load-scripts.php</h1>
|
<h3 class="border-top border-dark">Denial of Service load-scripts.php</h3>
|
||||||
<?php
|
<?php
|
||||||
if (getHttpcode($url2) == "200") {
|
if (getHttpcode($url2) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url2.'">Check in here for full payload</a>';
|
echo '<a target="_blank" href="http://'.$url2.'">Check in here for full payload</a>';
|
||||||
} else {
|
} else {
|
||||||
echo "<h4>Not vuln</h4>";
|
echo "<h6>Not vuln</h6>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<h1 class="border-top border-dark">Denial of Service load-styles.php</h1>
|
<h3 class="border-top border-dark">Denial of Service load-styles.php</h3>
|
||||||
<?php
|
<?php
|
||||||
if (getHttpcode($url3) == "200") {
|
if (getHttpcode($url3) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url3.'">Check in here for full payload</a>';
|
echo '<a target="_blank" href="http://'.$url3.'">Check in here for full payload</a>';
|
||||||
} else {
|
} else {
|
||||||
echo "<h4>Not vuln</h4>";
|
echo "<h6>Not vuln</h6>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<h1 class="border-top border-dark">Log files WordPress</h1>
|
<h3 class="border-top border-dark">Log files WordPress</h3>
|
||||||
<?php
|
<?php
|
||||||
if (getHttpcode($url4) == "200") {
|
if (getHttpcode($url4) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url4.'">'.$url4.'</a>';
|
echo '<a target="_blank" href="http://'.$url4.'">'.$url4.'</a>';
|
||||||
} else {
|
} else {
|
||||||
echo "<h4>Not found</h4>";
|
echo "<h6>Not found</h6>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<h1 class="border-top border-dark">Backup file wp-config.php</h1>
|
<h3 class="border-top border-dark">Backup file wp-config.php</h3>
|
||||||
<?php
|
<?php
|
||||||
if (getHttpcode($url5) == "200") {
|
if (getHttpcode($url5) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url5.'">'.$url5.'</a>';
|
echo '<a target="_blank" href="http://'.$url5.'">'.$url5.'</a>';
|
||||||
} else if (getHttpcode($url6) == "200") {
|
} else if (getHttpcode($url6) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url6.'">'.$url6.'</a>';
|
echo '<a target="_blank" href="http://'.$url6.'">'.$url6.'</a>';
|
||||||
} else if (getHttpcode($url7) == "200") {
|
} else if (getHttpcode($url7) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url7.'">'.$url7.'</a>';
|
echo '<a target="_blank" href="http://'.$url7.'">'.$url7.'</a>';
|
||||||
} else if (getHttpcode($url8) == "200") {
|
} else if (getHttpcode($url8) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url8.'">'.$url8.'</a>';
|
echo '<a target="_blank" href="http://'.$url8.'">'.$url8.'</a>';
|
||||||
} else if (getHttpcode($url9) == "200") {
|
} else if (getHttpcode($url9) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url9.'">'.$url9.'</a>';
|
echo '<a target="_blank" href="http://'.$url9.'">'.$url9.'</a>';
|
||||||
} else if (getHttpcode($url10) == "200") {
|
} else if (getHttpcode($url10) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url10.'">'.$url10.'</a>';
|
echo '<a target="_blank" href="http://'.$url10.'">'.$url10.'</a>';
|
||||||
} else if (getHttpcode($url11) == "200") {
|
} else if (getHttpcode($url11) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url11.'">'.$url11.'</a>';
|
echo '<a target="_blank" href="http://'.$url11.'">'.$url11.'</a>';
|
||||||
} else if (getHttpcode($url12) == "200") {
|
} else if (getHttpcode($url12) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url12.'">'.$url12.'</a>';
|
echo '<a target="_blank" href="http://'.$url12.'">'.$url12.'</a>';
|
||||||
} else if (getHttpcode($url13) == "200") {
|
} else if (getHttpcode($url13) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url13.'">'.$url13.'</a>';
|
echo '<a target="_blank" href="http://'.$url13.'">'.$url13.'</a>';
|
||||||
} else if (getHttpcode($url14) == "200") {
|
} else if (getHttpcode($url14) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url14.'">'.$url14.'</a>';
|
echo '<a target="_blank" href="http://'.$url14.'">'.$url14.'</a>';
|
||||||
} else if (getHttpcode($url15) == "200") {
|
} else if (getHttpcode($url15) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url15.'">'.$url15.'</a>';
|
echo '<a target="_blank" href="http://'.$url15.'">'.$url15.'</a>';
|
||||||
} else if (getHttpcode($url16) == "200") {
|
} else if (getHttpcode($url16) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url16.'">'.$url16.'</a>';
|
echo '<a target="_blank" href="http://'.$url16.'">'.$url16.'</a>';
|
||||||
} else if (getHttpcode($url17) == "200") {
|
} else if (getHttpcode($url17) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url17.'">'.$url17.'</a>';
|
echo '<a target="_blank" href="http://'.$url17.'">'.$url17.'</a>';
|
||||||
} else {
|
} else {
|
||||||
echo "<h4>Not found</h4>";
|
echo "<h6>Not found</h6>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<h1 class="border-top border-dark">XML-RPC WordPress</h1>
|
<h3 class="border-top border-dark">XML-RPC WordPress</h3>
|
||||||
<?php
|
<?php
|
||||||
if (getHttpcode($url18) == "405" || getHttpcode($url18) == "200") {
|
if (getHttpcode($url18) == "405" || getHttpcode($url18) == "200") {
|
||||||
echo '<a target="_blank" href="'.$url18.'">'.$url18.'</a>';
|
echo '<a target="_blank" href="http://'.$url18.'">'.$url18.'</a>';
|
||||||
} else {
|
} else {
|
||||||
echo "<h4>Not vuln</h4>";
|
echo "<h6>Not vuln</h6>";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in New Issue