Fixing bug and Adding Subdomain Scanner

master
MD15 2021-02-03 20:29:48 +07:00
parent d1311a4f85
commit 60647675a4
12 changed files with 114 additions and 40 deletions


@ -0,0 +1,22 @@
<!DOCTYPE html>
<html>
<head>
<title>Subdomain Scanner</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<h1 class="text-center my-5">Subdomain Scanner</h1>
<form action="result.php" method="POST" align="center" class="my-5">
<div class="form-group">
<label for="wordpress">Input Website</label>
<input class="form-control" name="subdomain">
</div>
<button type="submit" class="btn btn-primary">Submit</button>
</form>
</div>
</body>
</html>
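Review bot: The stylesheet and three scripts in `<head>` are pulled from third-party CDNs without `integrity` or `crossorigin` attributes, so a modified file on any of those hosts would run in this page unnoticed. Pin each one, e.g. `<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js" integrity="sha384-<HASH_OF_THE_PINNED_FILE>" crossorigin="anonymous"></script>`, or serve the files locally. The label is also copied from the WordPress form: `for="wordpress"` points at no element, so it should read `<label for="subdomain">` with `<input class="form-control" id="subdomain" name="subdomain" required>`.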


@ -0,0 +1,45 @@
<?php
error_reporting(0);
$nomer = 1;
$input = $_POST['subdomain'];
$url = parse_url($input, PHP_URL_HOST);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://sonar.omnisint.io/subdomains/".$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
$json = json_decode($output, true);
?>
<!DOCTYPE html>
<html>
<head>
<title>Result Subdomain</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<h1>List Subdomain</h1>
<table class="table table-bordered">
<tr>
<th>No.</th>
<th>List Subdomain</th>
<tr>
<?php
for($i=0; $i < count($json); $i++) {
$target = "_blank";
echo "<tr>";
echo "<td>".$nomer++."</td>";
echo "<td><a target='".$target."' href='http://".$json[$i]."'>".$json[$i]."</a></td>";
echo "</tr>";
}
?>
</table>
</div>
</body>
</html>
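Review bot: The names returned by the third-party API are written into the `href` attribute and the link text without escaping (the `echo "<td><a target=..."` line in the loop), so any markup in that response is rendered in the visitor's browser; each value should go through `htmlspecialchars()` first. `parse_url($input, PHP_URL_HOST)` returns null when the submitted value has no scheme, so a bare `example.com` queries the API with an empty host, and the host is appended to the API URL without any validation. `json_decode()` returns null on a failed or non-JSON response, and on PHP 8 `count($json)` then throws while `error_reporting(0)` hides the reason. The curl call also sets no timeout; `curl_setopt($ch, CURLOPT_TIMEOUT, 10);` would match `getHttpcode()` in the WordPress scanner.

```php
$input = trim((string) ($_POST['subdomain'] ?? ''));
// parse_url() only reports a host when the value carries a scheme
if (!preg_match('~^https?://~i', $input)) {
    $input = 'http://' . $input;
}
$url = parse_url($input, PHP_URL_HOST);
if (!is_string($url) || !preg_match('/^[a-z0-9.-]+$/i', $url)) {
    http_response_code(400);
    exit('Invalid host name');
}
// … unchanged: curl request to sonar.omnisint.io …
$json = json_decode($output, true);
if (!is_array($json)) {
    $json = [];
}
// … unchanged: page head and table header …
foreach ($json as $name) {
    $safe = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<tr>";
    echo "<td>".$nomer++."</td>";
    echo "<td><a target='_blank' rel='noopener noreferrer' href='http://".$safe."'>".$safe."</a></td>";
    echo "</tr>";
}
```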


@ -10,7 +10,7 @@
<body> <body>
<div class="container"> <div class="container">
<h1 class="text-center my-5">Wordpress Scanner</h1> <h1 class="text-center my-5">Wordpress Scanner</h1>
<form action="result.php" method="post" align="center" class="my-5"> <form action="result.php" method="POST" align="center" class="my-5">
<div class="form-group"> <div class="form-group">
<label for="wordpress">Input Website </label> <label for="wordpress">Input Website </label>
<input class="form-control" name="wordpress"> <input class="form-control" name="wordpress">


@ -1,7 +1,7 @@
<?php <?php
error_reporting(0); error_reporting(0);
$nomer = 1; $nomer = 1;
$input = $_POST['wordpress']; $input = addhttp($_POST['wordpress']);
$url = $input.'/wp-json/wp/v2/users'; $url = $input.'/wp-json/wp/v2/users';
@ -29,21 +29,28 @@ error_reporting(0);
//xmlrpc //xmlrpc
$url18 = $input.'/xmlrpc.php'; $url18 = $input.'/xmlrpc.php';
$output = file_get_contents($url); function addhttp($url) {
$json = json_decode($output, true); if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
$url = "http://" . $url;
}
return $url;
}
function getHttpcode($url){ function getHttpcode($url){
$ch = curl_init($url); $ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, true); // we want headers curl_setopt($ch, CURLOPT_HEADER, true); // we want headers
curl_setopt($ch, CURLOPT_NOBODY, true); curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT,10); curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$output = curl_exec($ch); $output = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch); curl_close($ch);
return $httpcode; return $httpcode;
} }
$output = file_get_contents($url);
$json = json_decode($output, true);
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
@ -55,21 +62,21 @@ error_reporting(0);
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
<style type="text/css"> <style type="text/css">
a { a {
font-size: 1.25em; font-size: 1em;
margin: 25px 0px; margin: 25px 0px;
} }
h1 { h3 {
margin: 25px 0px; margin: 30px 0px;
} }
</style> </style>
</head> </head>
<body> <body>
<div class="container"> <div class="container">
<h1>List WordPress Username</h1> <h3>List WordPress Username</h3>
<table class="table table-bordered"> <table class="table table-bordered">
<tr> <tr>
<th>Nomer</th> <th>Number</th>
<th>Username Wordpress</th> <th>Username Wordpress</th>
<tr> <tr>
<?php <?php
for($i=0; $i < count($json); $i++) { for($i=0; $i < count($json); $i++) {
@ -80,68 +87,68 @@ error_reporting(0);
} }
?> ?>
</table> </table>
<h1 class="border-top border-dark">Denial of Service load-scripts.php</h1> <h3 class="border-top border-dark">Denial of Service load-scripts.php</h3>
<?php <?php
if (getHttpcode($url2) == "200") { if (getHttpcode($url2) == "200") {
echo '<a target="_blank" href="'.$url2.'">Check in here for full payload</a>'; echo '<a target="_blank" href="http://'.$url2.'">Check in here for full payload</a>';
} else { } else {
echo "<h4>Not vuln</h4>"; echo "<h6>Not vuln</h6>";
} }
?> ?>
<h1 class="border-top border-dark">Denial of Service load-styles.php</h1> <h3 class="border-top border-dark">Denial of Service load-styles.php</h3>
<?php <?php
if (getHttpcode($url3) == "200") { if (getHttpcode($url3) == "200") {
echo '<a target="_blank" href="'.$url3.'">Check in here for full payload</a>'; echo '<a target="_blank" href="http://'.$url3.'">Check in here for full payload</a>';
} else { } else {
echo "<h4>Not vuln</h4>"; echo "<h6>Not vuln</h6>";
} }
?> ?>
<h1 class="border-top border-dark">Log files WordPress</h1> <h3 class="border-top border-dark">Log files WordPress</h3>
<?php <?php
if (getHttpcode($url4) == "200") { if (getHttpcode($url4) == "200") {
echo '<a target="_blank" href="'.$url4.'">'.$url4.'</a>'; echo '<a target="_blank" href="http://'.$url4.'">'.$url4.'</a>';
} else { } else {
echo "<h4>Not found</h4>"; echo "<h6>Not found</h6>";
} }
?> ?>
<h1 class="border-top border-dark">Backup file wp-config.php</h1> <h3 class="border-top border-dark">Backup file wp-config.php</h3>
<?php <?php
if (getHttpcode($url5) == "200") { if (getHttpcode($url5) == "200") {
echo '<a target="_blank" href="'.$url5.'">'.$url5.'</a>'; echo '<a target="_blank" href="http://'.$url5.'">'.$url5.'</a>';
} else if (getHttpcode($url6) == "200") { } else if (getHttpcode($url6) == "200") {
echo '<a target="_blank" href="'.$url6.'">'.$url6.'</a>'; echo '<a target="_blank" href="http://'.$url6.'">'.$url6.'</a>';
} else if (getHttpcode($url7) == "200") { } else if (getHttpcode($url7) == "200") {
echo '<a target="_blank" href="'.$url7.'">'.$url7.'</a>'; echo '<a target="_blank" href="http://'.$url7.'">'.$url7.'</a>';
} else if (getHttpcode($url8) == "200") { } else if (getHttpcode($url8) == "200") {
echo '<a target="_blank" href="'.$url8.'">'.$url8.'</a>'; echo '<a target="_blank" href="http://'.$url8.'">'.$url8.'</a>';
} else if (getHttpcode($url9) == "200") { } else if (getHttpcode($url9) == "200") {
echo '<a target="_blank" href="'.$url9.'">'.$url9.'</a>'; echo '<a target="_blank" href="http://'.$url9.'">'.$url9.'</a>';
} else if (getHttpcode($url10) == "200") { } else if (getHttpcode($url10) == "200") {
echo '<a target="_blank" href="'.$url10.'">'.$url10.'</a>'; echo '<a target="_blank" href="http://'.$url10.'">'.$url10.'</a>';
} else if (getHttpcode($url11) == "200") { } else if (getHttpcode($url11) == "200") {
echo '<a target="_blank" href="'.$url11.'">'.$url11.'</a>'; echo '<a target="_blank" href="http://'.$url11.'">'.$url11.'</a>';
} else if (getHttpcode($url12) == "200") { } else if (getHttpcode($url12) == "200") {
echo '<a target="_blank" href="'.$url12.'">'.$url12.'</a>'; echo '<a target="_blank" href="http://'.$url12.'">'.$url12.'</a>';
} else if (getHttpcode($url13) == "200") { } else if (getHttpcode($url13) == "200") {
echo '<a target="_blank" href="'.$url13.'">'.$url13.'</a>'; echo '<a target="_blank" href="http://'.$url13.'">'.$url13.'</a>';
} else if (getHttpcode($url14) == "200") { } else if (getHttpcode($url14) == "200") {
echo '<a target="_blank" href="'.$url14.'">'.$url14.'</a>'; echo '<a target="_blank" href="http://'.$url14.'">'.$url14.'</a>';
} else if (getHttpcode($url15) == "200") { } else if (getHttpcode($url15) == "200") {
echo '<a target="_blank" href="'.$url15.'">'.$url15.'</a>'; echo '<a target="_blank" href="http://'.$url15.'">'.$url15.'</a>';
} else if (getHttpcode($url16) == "200") { } else if (getHttpcode($url16) == "200") {
echo '<a target="_blank" href="'.$url16.'">'.$url16.'</a>'; echo '<a target="_blank" href="http://'.$url16.'">'.$url16.'</a>';
} else if (getHttpcode($url17) == "200") { } else if (getHttpcode($url17) == "200") {
echo '<a target="_blank" href="'.$url17.'">'.$url17.'</a>'; echo '<a target="_blank" href="http://'.$url17.'">'.$url17.'</a>';
} else { } else {
echo "<h4>Not found</h4>"; echo "<h6>Not found</h6>";
} }
?> ?>
<h1 class="border-top border-dark">XML-RPC WordPress</h1> <h3 class="border-top border-dark">XML-RPC WordPress</h3>
<?php <?php
if (getHttpcode($url18) == "405" || getHttpcode($url18) == "200") { if (getHttpcode($url18) == "405" || getHttpcode($url18) == "200") {
echo '<a target="_blank" href="'.$url18.'">'.$url18.'</a>'; echo '<a target="_blank" href="http://'.$url18.'">'.$url18.'</a>';
} else { } else {
echo "<h4>Not vuln</h4>"; echo "<h6>Not vuln</h6>";
} }
?> ?>
</div> </div>
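Review bot: The `http://` prefix added to every `href` in the last hunk doubles the scheme, because `$input` now passes through `addhttp()` and `$url18 = $input.'/xmlrpc.php'` therefore already starts with `http://` (or `https://`), giving `href="http://http://…"`; `$url2`–`$url17` are defined outside the visible lines but presumably are built the same way. Those values come from `$_POST['wordpress']` and are echoed unescaped into both the attribute and the link text, so the links should be written as `$safe = htmlspecialchars($url18, ENT_QUOTES, 'UTF-8'); echo '<a target="_blank" rel="noopener noreferrer" href="'.$safe.'">'.$safe.'</a>';` with the extra prefix dropped. `addhttp()` also accepts `ftp://` and `ftps://`, and the server then fetches whatever was submitted with redirects followed; narrowing the pattern to `~^https?://~i` and adding `curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` plus the same mask for `CURLOPT_REDIR_PROTOCOLS` in `getHttpcode()` keeps requests on web schemes, and resolving the host and rejecting private or loopback addresses would stop the scanner from being pointed at internal services. `file_get_contents($url)` still has no timeout or failure check, so `json_decode()` can yield null before the `count($json)` loop.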