Remove some old script to the new one
parent
161ba097b2
commit
8e72e74bab
|
@ -1,3 +0,0 @@
|
||||||
# CSRF PoC Generator
|
|
||||||
![Preview](https://i.ibb.co/KyYw0D7/image.png)
|
|
||||||
[Live Preview](https://md15.github.io/csrf/generator/)
|
|
|
@ -1,103 +0,0 @@
|
||||||
<!DOCTYPE HTML>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta http-equiv="content-type" content="text/html; charset=utf-8">
|
|
||||||
<title>CSRF PoC Generator ~ Daffainfo</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<div class="h1">CSRF PoC Generator</div>
|
|
||||||
<form>
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="URL">URL:</label>
|
|
||||||
<input type="url" id="url" class="form-control" placeholder="http://sites.com"/>
|
|
||||||
<small id="textHelp" class="form-text text-muted">Add http:// or https:// in the beginning</small>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="method">Method:</label>
|
|
||||||
<select class="form-control" id="method">
|
|
||||||
<option>GET</option>
|
|
||||||
<option>POST</option>
|
|
||||||
</select>
|
|
||||||
</div>
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="parameters">Parameters:</label>
|
|
||||||
<input type="button" class="form-control" value="Add Parameters" id="add_param"></input>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="form-group">
|
|
||||||
<div class="field_left">
|
|
||||||
<input type="button" class="btn btn-primary" value="Generate" onclick="csrf_generator(true)" />
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="req">Results:</label>
|
|
||||||
<textarea class="form-control" id="req" rows="15"></textarea>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
<script>
|
|
||||||
var param_counter = 0;
|
|
||||||
|
|
||||||
$(document).on("click", "#add_param", function(){
|
|
||||||
|
|
||||||
param_counter++;
|
|
||||||
var fright = $(this).parent();
|
|
||||||
fright.append("<form><div class='form-row'><div class='col'><input type='text' name='param[]' placeholder='Name' class='param_input form-control' id='param_input_"+param_counter+"'><input type='text' name='value[]' class='form-control' placeholder='Value'></div></form>");
|
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
|
|
||||||
function csrf_generator(encode){
|
|
||||||
encode = typeof(encode) == 'undefined' ? false : encode;
|
|
||||||
|
|
||||||
var html = "<html>\n<head>\n";
|
|
||||||
html += ' <title>CSRF vulnerability in ' + encodeURI($$v('url')) + '</title>' + "\n";
|
|
||||||
html += "</head>\n<body>\n";
|
|
||||||
html += ' <form action="' + encodeURI($$v('url')) + '" method="' + encodeURI($$v('method')) + '">' + "\n";
|
|
||||||
|
|
||||||
|
|
||||||
$(".param_input").each(function() {
|
|
||||||
|
|
||||||
if( $(this).val() )
|
|
||||||
{
|
|
||||||
html += ' <input type="hidden" name="' + encodeURI($(this).val()) + '" value="' + encodeURI($(this).next().val()) + '" />' + "\n";
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
html += " <input type='submit' value='Press Here' />\n";
|
|
||||||
html += " </form>\n";
|
|
||||||
html += "</body>\n";
|
|
||||||
html += "</html>"
|
|
||||||
|
|
||||||
if (encode) {
|
|
||||||
$$('req').innerHTML = html_encoding(html);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$$('poc').innerHTML = html;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function html_encoding(str) {
|
|
||||||
return String(str)
|
|
||||||
.replace(/&/g, '&')
|
|
||||||
.replace(/"/g, '"')
|
|
||||||
.replace(/'/g, ''')
|
|
||||||
.replace(/</g, '<')
|
|
||||||
.replace(/>/g, '>');
|
|
||||||
}
|
|
||||||
function $$v(id) {
|
|
||||||
return document.getElementById(id).value;
|
|
||||||
}
|
|
||||||
function $$(id) {
|
|
||||||
return document.getElementById(id);
|
|
||||||
}
|
|
||||||
</script>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,3 +0,0 @@
|
||||||
# Clickjacking
|
|
||||||
![Preview](https://i.ibb.co/9HcRVD8/image.png)
|
|
||||||
[Live Preview](https://daffainfo.github.io/Bug-Bounty-Tools/Clickjacking)
|
|
|
@ -1,39 +0,0 @@
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Clickjacking Test</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js"></script>
|
|
||||||
<style>
|
|
||||||
iframe {
|
|
||||||
margin-top: 10px;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<div class="h1">Test Clickjacking Vulnerability</div>
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="URL">URL:</label>
|
|
||||||
<input type="url" id="url" class="form-control" placeholder="http://sites.com"/>
|
|
||||||
<small id="textHelp" class="form-text text-muted">Add http:// or https:// in the beginning</small>
|
|
||||||
</div>
|
|
||||||
<button id="submit-test" class="btn btn-primary">Test it!</button>
|
|
||||||
<iframe src="about:blank" id="iframe" frameborder="1" width="100%" height="50%"></iframe>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
<script>
|
|
||||||
function frame() {
|
|
||||||
var url = document.getElementById("url").value;
|
|
||||||
var iframe = document.getElementById("iframe");
|
|
||||||
iframe.src = url;
|
|
||||||
}
|
|
||||||
document.addEventListener('DOMContentLoaded', function () {
|
|
||||||
document.getElementById('submit-test').addEventListener('click',
|
|
||||||
function() {
|
|
||||||
frame();
|
|
||||||
}
|
|
||||||
);
|
|
||||||
});
|
|
||||||
</script>
|
|
||||||
</html>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Google Maps API Key Checker</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center my-5">Input Google Maps API Key</h1>
|
|
||||||
<form action="result.php" method="post" align="center" class="my-5">
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="apikey">Input API </label>
|
|
||||||
<input class="form-control" name="apikey">
|
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary">Submit</button>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,167 +0,0 @@
|
||||||
<?php
|
|
||||||
error_reporting(0);
|
|
||||||
$input = $_POST['apikey'];
|
|
||||||
|
|
||||||
$url = 'https://maps.googleapis.com/maps/api/staticmap?center=45%2C10&zoom=7&size=400x400&key='.$input;
|
|
||||||
$url2 = 'https://maps.googleapis.com/maps/api/streetview?size=400x400&location=40.720032,-73.988354&fov=90&heading=235&pitch=10&key='.$input;
|
|
||||||
$url3 = 'https://www.google.com/maps/embed/v1/place?q=place_id:ChIJyX7muQw8tokR2Vf5WBBk1iQ&key='.$input;
|
|
||||||
$url4 = 'https://maps.googleapis.com/maps/api/directions/json?origin=Disneyland&destination=Universal+Studios+Hollywood4&key='.$input;
|
|
||||||
$url5 = 'https://maps.googleapis.com/maps/api/geocode/json?latlng=40,30&key='.$input;
|
|
||||||
$url6 = 'https://maps.googleapis.com/maps/api/distancematrix/json?units=imperial&origins=40.6655101,-73.89188969999998&destinations=40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.6905615%2C-73.9976592%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626%7C40.659569%2C-73.933783%7C40.729029%2C-73.851524%7C40.6860072%2C-73.6334271%7C40.598566%2C-73.7527626&key='.$input;
|
|
||||||
$url7 = 'https://maps.googleapis.com/maps/api/place/findplacefromtext/json?input=Museum%20of%20Contemporary%20Art%20Australia&inputtype=textquery&fields=photos,formatted_address,name,rating,opening_hours,geometry&key='.$input;
|
|
||||||
$url8 = 'https://maps.googleapis.com/maps/api/place/autocomplete/json?input=Bingh&types=%28cities%29&key='.$input;
|
|
||||||
$url9 = 'https://maps.googleapis.com/maps/api/elevation/json?locations=39.7391536,-104.9847034&key='.$input;
|
|
||||||
$url10 = 'https://maps.googleapis.com/maps/api/timezone/json?location=39.6034810,-119.6822510×tamp=1331161200&key='.$input;
|
|
||||||
$url11 = 'https://roads.googleapis.com/v1/nearestRoads?points=60.170880,24.942795|60.170879,24.942796|60.170877,24.942796&key='.$input;
|
|
||||||
|
|
||||||
$urlArr = array($url,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11);
|
|
||||||
$urlArr2 = array($url4,$url5,$url6,$url7,$url8,$url9,$url10);
|
|
||||||
$yourProducts = array();
|
|
||||||
$yourProducts1 = array();
|
|
||||||
foreach ($urlArr as $key => $value) {
|
|
||||||
$yourProducts[] = yourCurl($value);
|
|
||||||
}
|
|
||||||
foreach ($urlArr2 as $key => $value) {
|
|
||||||
$yourProducts1[] = getContents($value);
|
|
||||||
}
|
|
||||||
|
|
||||||
function yourCurl($url){
|
|
||||||
$ch = curl_init($url);
|
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true);
|
|
||||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
|
|
||||||
curl_setopt($ch, CURLOPT_ENCODING,"");
|
|
||||||
curl_setopt($ch, CURLOPT_TIMEOUT,10);
|
|
||||||
$output = curl_exec($ch);
|
|
||||||
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
||||||
curl_close($ch);
|
|
||||||
return $httpcode;
|
|
||||||
}
|
|
||||||
|
|
||||||
function getContents($url) {
|
|
||||||
$data = file_get_contents($url);
|
|
||||||
return $data;
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Result Google Map API Key</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
<style type="text/css">
|
|
||||||
a {
|
|
||||||
font-size: 1.25em;
|
|
||||||
}
|
|
||||||
h1 {
|
|
||||||
margin: 25px 0px;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center">Results</h1>
|
|
||||||
<h5>Staticmap API</h5>
|
|
||||||
<?php
|
|
||||||
if ($yourProducts[0] == 200) {
|
|
||||||
echo "<p>API key is vulnerable for Staticmap API</p>";
|
|
||||||
echo "<a href='".$url."' target='_blank'>Staticmap API</a>";
|
|
||||||
} else if ($yourProducts[0] == 403) {
|
|
||||||
echo "<p>API key is not vulnerable for Staticmap API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Streetview API</h5>
|
|
||||||
<?php
|
|
||||||
if ($yourProducts[1] == 200) {
|
|
||||||
echo "<p>API key is vulnerable for Streetview API</p>";
|
|
||||||
echo "<a href='".$url2."' target='_blank'>Streetview API</a>";
|
|
||||||
} else if ($yourProducts[1] == 403) {
|
|
||||||
echo "<p>API key is not vulnerable for Streetview API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Embed API</h5>
|
|
||||||
<?php
|
|
||||||
if ($yourProducts[2] == 200) {
|
|
||||||
echo "<p>API key is vulnerable for Embed API</p>";
|
|
||||||
echo "<a href='".$url3."' target='_blank'>Embed API</a>";
|
|
||||||
} else if ($yourProducts[2] == 403) {
|
|
||||||
echo "<p>API key is not vulnerable for Embed API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Directions API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[0], 'REQUEST_DENIED' === false)) {
|
|
||||||
echo "<p>API key is vulnerable for Directions API</p>";
|
|
||||||
echo "<a href='".$url4."' target='_blank'>Directions API</a>";
|
|
||||||
} else if ($yourProducts[3] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Directions API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Geocoding API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[1], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Geocoding API</p>";
|
|
||||||
echo "<a href='".$url5."' target='_blank'>Geocoding API</a>";
|
|
||||||
} else if ($yourProducts[4] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Geocoding API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Matrix API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[2], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Matrix API</p>";
|
|
||||||
echo "<a href='".$url6."' target='_blank'>Matrix API</a>";
|
|
||||||
} else if ($yourProducts[5] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Matrix API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Find Place from Text API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[3], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Find Place from Text API</p>";
|
|
||||||
echo "<a href='".$url7."' target='_blank'>Find Place from Text API</a>";
|
|
||||||
} else if ($yourProducts[6] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Find Place from Text API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Autocomplete API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[4], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Autocomplete API</p>";
|
|
||||||
echo "<a href='".$url8."' target='_blank'>Autocomplete API</a>";
|
|
||||||
} else if ($yourProducts[7] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Autocomplete API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Elevation API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[4], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Elevation API</p>";
|
|
||||||
echo "<a href='".$url9."' target='_blank'>Elevation API</a>";
|
|
||||||
} else if ($yourProducts[7] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Elevation API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Timezone API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[5], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Timezone API</p>";
|
|
||||||
echo "<a href='".$url10."' target='_blank'>Timezone API</a>";
|
|
||||||
} else if ($yourProducts[9] == 200) {
|
|
||||||
echo "<p>API key is not vulnerable for Timezone API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Roads API</h5>
|
|
||||||
<?php
|
|
||||||
if (strpos($yourProducts1[6], 'REQUEST_DENIED') === false) {
|
|
||||||
echo "<p>API key is vulnerable for Roads API</p>";
|
|
||||||
echo "<a href='".$url11."' target='_blank'>Roads API</a>";
|
|
||||||
} else if (strpos($yourProducts[10], '403') === false) {
|
|
||||||
echo "<p>API key is not vulnerable for Roads API</p>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Laravel Bug Scanner</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center my-5">Laravel Bug Scanner</h1>
|
|
||||||
<form action="result.php" method="post" align="center" class="my-5">
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="website">Input Website </label>
|
|
||||||
<input class="form-control" name="website" type="url">
|
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary">Submit</button>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,78 +0,0 @@
|
||||||
<?php
|
|
||||||
error_reporting(0);
|
|
||||||
$input = $_POST['website'];
|
|
||||||
|
|
||||||
$url = $input.'/.env';
|
|
||||||
$url2 = $input.'/storage/logs/laravel.log';
|
|
||||||
$url3 = $input.'/logout';
|
|
||||||
|
|
||||||
$urlArr = array($url,$url2,$url3);
|
|
||||||
$listUrl = array();
|
|
||||||
foreach ($urlArr as $key => $value) {
|
|
||||||
$listUrl[] = getHttpcode($value);
|
|
||||||
}
|
|
||||||
|
|
||||||
function getHttpcode($url){
|
|
||||||
$ch = curl_init($url);
|
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true); // we want headers
|
|
||||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
|
||||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
|
|
||||||
curl_setopt($ch, CURLOPT_TIMEOUT,10);
|
|
||||||
$output = curl_exec($ch);
|
|
||||||
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
||||||
curl_close($ch);
|
|
||||||
return $httpcode;
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Result Laravel</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
<style type="text/css">
|
|
||||||
a {
|
|
||||||
font-size: 1.25em;
|
|
||||||
}
|
|
||||||
h1 {
|
|
||||||
margin: 25px 0px;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center">Results</h1>
|
|
||||||
<h5>.env File</h5>
|
|
||||||
<?php
|
|
||||||
if ($listUrl[0] == "200") {
|
|
||||||
echo "<p>.env exposed</p>";
|
|
||||||
echo '<a target="_blank" href="'.$url.'">'.$url.'</a><br>';
|
|
||||||
}
|
|
||||||
else if ($listUrl[0] != "200") {
|
|
||||||
echo "<p>.env not exposed</p><br>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Logs file</h5>
|
|
||||||
<?php
|
|
||||||
if ($listUrl[1] == "200") {
|
|
||||||
echo "<p>Logs exposed</p>";
|
|
||||||
echo '<a target="_blank" href="'.$url2.'">'.$url2.'</a><br>';
|
|
||||||
}
|
|
||||||
else if ($listUrl[1] != "200") {
|
|
||||||
echo "<p>Logs file not exposed</p><br>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h5>Debug mode</h5>
|
|
||||||
<?php
|
|
||||||
if ($listUrl[2] == "405") {
|
|
||||||
echo '<p>Debug mode enabled</p>';
|
|
||||||
echo '<a target="_blank" href="'.$url3.'">'.$url3.'</a><br>';
|
|
||||||
}
|
|
||||||
else if ($listUrl[2] != "405") {
|
|
||||||
echo "<p>Debug mode in ".$input." disabled</p><br>";
|
|
||||||
}
|
|
||||||
?>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Reverse IP Lookup</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center my-5">Reverse IP Lookup</h1>
|
|
||||||
<form action="result.php" method="POST" align="center" class="my-5">
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="reverse">Input IP</label>
|
|
||||||
<input class="form-control" name="reverse">
|
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary">Submit</button>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,43 +0,0 @@
|
||||||
<?php
|
|
||||||
error_reporting(0);
|
|
||||||
$nomer = 1;
|
|
||||||
$input = $_POST['reverse'];
|
|
||||||
|
|
||||||
$ch = curl_init();
|
|
||||||
curl_setopt($ch, CURLOPT_URL, "https://sonar.omnisint.io/reverse/".$input);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
||||||
$output = curl_exec($ch);
|
|
||||||
curl_close($ch);
|
|
||||||
|
|
||||||
$json = json_decode($output, true);
|
|
||||||
?>
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Result</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1>List Domain</h1>
|
|
||||||
<table class="table table-bordered">
|
|
||||||
<tr>
|
|
||||||
<th>No.</th>
|
|
||||||
<th>List Domain</th>
|
|
||||||
<tr>
|
|
||||||
<?php
|
|
||||||
for($i=0; $i < count($json); $i++) {
|
|
||||||
$target = "_blank";
|
|
||||||
echo "<tr>";
|
|
||||||
echo "<td>".$nomer++."</td>";
|
|
||||||
echo "<td><a target='".$target."' href='http://".$json[$i]."'>".$json[$i]."</a></td>";
|
|
||||||
echo "</tr>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</table>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Subdomain Scanner</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center my-5">Subdomain Scanner</h1>
|
|
||||||
<form action="result.php" method="POST" align="center" class="my-5">
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="subdomain">Input Website</label>
|
|
||||||
<input class="form-control" name="subdomain" type="url">
|
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary">Submit</button>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,45 +0,0 @@
|
||||||
<?php
|
|
||||||
error_reporting(0);
|
|
||||||
$nomer = 1;
|
|
||||||
$input = $_POST['subdomain'];
|
|
||||||
|
|
||||||
$url = parse_url($input, PHP_URL_HOST);
|
|
||||||
|
|
||||||
$ch = curl_init();
|
|
||||||
curl_setopt($ch, CURLOPT_URL, "https://sonar.omnisint.io/subdomains/".$url);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
||||||
$output = curl_exec($ch);
|
|
||||||
curl_close($ch);
|
|
||||||
|
|
||||||
$json = json_decode($output, true);
|
|
||||||
?>
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Result Subdomain</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1>List Subdomain</h1>
|
|
||||||
<table class="table table-bordered">
|
|
||||||
<tr>
|
|
||||||
<th>No.</th>
|
|
||||||
<th>List Subdomain</th>
|
|
||||||
<tr>
|
|
||||||
<?php
|
|
||||||
for($i=0; $i < count($json); $i++) {
|
|
||||||
$target = "_blank";
|
|
||||||
echo "<tr>";
|
|
||||||
echo "<td>".$nomer++."</td>";
|
|
||||||
echo "<td><a target='".$target."' href='http://".$json[$i]."'>".$json[$i]."</a></td>";
|
|
||||||
echo "</tr>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</table>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Wordpress Scanner</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h1 class="text-center my-5">Wordpress Scanner</h1>
|
|
||||||
<form action="result.php" method="POST" align="center" class="my-5">
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="wordpress">Input Website </label>
|
|
||||||
<input class="form-control" name="wordpress" type="url">
|
|
||||||
</div>
|
|
||||||
<button type="submit" class="btn btn-primary">Submit</button>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,156 +0,0 @@
|
||||||
<?php
|
|
||||||
error_reporting(0);
|
|
||||||
$nomer = 1;
|
|
||||||
$input = addhttp($_POST['wordpress']);
|
|
||||||
|
|
||||||
$url = $input.'/wp-json/wp/v2/users';
|
|
||||||
|
|
||||||
$url2 = $input.'/wp-admin/load-scripts.php?load=react,react-dom,moment,lodash,wp-polyfill-fetch,wp-polyfill-formdata,wp-polyfill-node-contains,wp-polyfill-url,wp-polyfill-dom-rect,wp-polyfill-element-closest,wp-polyfill,wp-block-library,wp-edit-post,wp-i18n,wp-hooks,wp-api-fetch,wp-data,wp-date,editor,colorpicker,media,wplink,link,utils,common,wp-sanitize,sack,quicktags,clipboard,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-selectmenu,jquery-ui-slider,jquery-ui-sortable,jquery-ui-spinner,jquery-ui-tabs,jquery-ui-tooltip,jquery-ui-widget,jquery-form,jquery-color,schedule,jquery-query,jquery-serialize-object,jquery-hotkeys,jquery-table-hotkeys,jquery-touch-punch,suggest,imagesloaded,masonry,jquery-masonry,thickbox,jcrop,swfobject,moxiejs,plupload,plupload-handlers,wp-plupload,swfupload,swfupload-all,swfupload-handlers,comment-reply,json2,underscore,backbone,wp-util,wp-backbone,revisions,imgareaselect,mediaelement,mediaelement-core,mediaelement-migrate,mediaelement-vimeo,wp-mediaelement,wp-codemirror,csslint,esprima,jshint,jsonlint,htmlhint,htmlhint-kses,code-editor,wp-theme-plugin-editor,wp-playlist,zxcvbn-async,password-strength-meter,user-profile,language-chooser,user-suggest,admin-bar,wplink,wpdialogs,word-count,media-upload,hoverIntent,hoverintent-js,customize-base,customize-loader,customize-preview,customize-models,customize-views,customize-controls,customize-selective-refresh,customize-widgets,customize-preview-widgets,customize-nav-menus,customize-preview-nav-menus,wp-custom-header,accordion,shortcode,media-models,wp-embed,media-views,media-editor,media-audiovideo,mce-view,wp-api,admin-tags,admin-comments,xfn,postbox,tags-box,tags-suggest,post,editor-expand,link,comment,admin-gallery,admin-widgets,media-widgets,media-audio-widget,media-image-widget,media-gallery-widget,media-video-widget,text-widgets,custom-html-widgets,theme,inline-edit-post,inline-edit-tax,plugin-install,site-health,privacy-tools,updates,farbtastic,iris,wp-color-picker,dashboard,list-revisions,media-grid,media,image-edit,set-post-thumbnail,nav-menu,custom-header,custom-background,media-gallery,svg-painter';
|
|
||||||
|
|
||||||
$url3 = $input.'/wp-admin/load-styles.php?&load=common,forms,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-menus,widgets,site-icon,l10n,install,wp-color-picker,customize-controls,customize-widgets,customize-nav-menus,customize-preview,ie,login,site-health,buttons,admin-bar,wp-auth-check,editor-buttons,media-views,wp-pointer,wp-jquery-ui-dialog,wp-block-library-theme,wp-edit-blocks,wp-block-editor,wp-block-library,wp-components,wp-edit-post,wp-editor,wp-format-library,wp-list-reusable-blocks,wp-nux,deprecated-media,farbtastic';
|
|
||||||
|
|
||||||
$url4 = $input.'/wp-content/debug.log';
|
|
||||||
|
|
||||||
//Backup file
|
|
||||||
$url5 = $input.'/.wp-config.php.swp';
|
|
||||||
$url6 = $input.'/wp-config.inc';
|
|
||||||
$url7 = $input.'/wp-config.old';
|
|
||||||
$url8 = $input.'/wp-config.txt';
|
|
||||||
$url9 = $input.'/wp-config.html';
|
|
||||||
$url10 = $input.'/wp-config.php.bak';
|
|
||||||
$url11 = $input.'/wp-config.php.dist';
|
|
||||||
$url12 = $input.'/wp-config.php.inc';
|
|
||||||
$url13 = $input.'/wp-config.php.old';
|
|
||||||
$url14 = $input.'/wp-config.php.save';
|
|
||||||
$url15 = $input.'/wp-config.php.swp';
|
|
||||||
$url16 = $input.'/wp-config.php.txt';
|
|
||||||
$url17 = $input.'/wp-config.php~';
|
|
||||||
|
|
||||||
//xmlrpc
|
|
||||||
$url18 = $input.'/xmlrpc.php';
|
|
||||||
|
|
||||||
function addhttp($url) {
|
|
||||||
if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
|
|
||||||
$url = "http://" . $url;
|
|
||||||
}
|
|
||||||
return $url;
|
|
||||||
}
|
|
||||||
|
|
||||||
function getHttpcode($url){
|
|
||||||
$ch = curl_init($url);
|
|
||||||
curl_setopt($ch, CURLOPT_HEADER, true); // we want headers
|
|
||||||
curl_setopt($ch, CURLOPT_NOBODY, true);
|
|
||||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
|
||||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
|
||||||
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
|
|
||||||
$output = curl_exec($ch);
|
|
||||||
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
||||||
curl_close($ch);
|
|
||||||
return $httpcode;
|
|
||||||
}
|
|
||||||
|
|
||||||
$output = file_get_contents($url);
|
|
||||||
$json = json_decode($output, true);
|
|
||||||
?>
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title>Result WordPress</title>
|
|
||||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
|
|
||||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
|
||||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
|
|
||||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
|
|
||||||
<style type="text/css">
|
|
||||||
a {
|
|
||||||
font-size: 1em;
|
|
||||||
margin: 25px 0px;
|
|
||||||
}
|
|
||||||
h3 {
|
|
||||||
margin: 30px 0px;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<div class="container">
|
|
||||||
<h3>List WordPress Username</h3>
|
|
||||||
<table class="table table-bordered">
|
|
||||||
<tr>
|
|
||||||
<th>Number</th>
|
|
||||||
<th>Username Wordpress</th>
|
|
||||||
<tr>
|
|
||||||
<?php
|
|
||||||
for($i=0; $i < count($json); $i++) {
|
|
||||||
echo "<tr>";
|
|
||||||
echo "<td>".$nomer++."</td>";
|
|
||||||
echo "<td>".$json[$i]["slug"]."</td>";
|
|
||||||
echo "</tr>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</table>
|
|
||||||
<h3 class="border-top border-dark">Denial of Service load-scripts.php</h3>
|
|
||||||
<?php
|
|
||||||
if (getHttpcode($url2) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url2.'">Check in here for full payload</a>';
|
|
||||||
} else {
|
|
||||||
echo "<h6>Not vuln</h6>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h3 class="border-top border-dark">Denial of Service load-styles.php</h3>
|
|
||||||
<?php
|
|
||||||
if (getHttpcode($url3) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url3.'">Check in here for full payload</a>';
|
|
||||||
} else {
|
|
||||||
echo "<h6>Not vuln</h6>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h3 class="border-top border-dark">Log files WordPress</h3>
|
|
||||||
<?php
|
|
||||||
if (getHttpcode($url4) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url4.'">'.$url4.'</a>';
|
|
||||||
} else {
|
|
||||||
echo "<h6>Not found</h6>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h3 class="border-top border-dark">Backup file wp-config.php</h3>
|
|
||||||
<?php
|
|
||||||
if (getHttpcode($url5) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url5.'">'.$url5.'</a>';
|
|
||||||
} else if (getHttpcode($url6) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url6.'">'.$url6.'</a>';
|
|
||||||
} else if (getHttpcode($url7) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url7.'">'.$url7.'</a>';
|
|
||||||
} else if (getHttpcode($url8) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url8.'">'.$url8.'</a>';
|
|
||||||
} else if (getHttpcode($url9) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url9.'">'.$url9.'</a>';
|
|
||||||
} else if (getHttpcode($url10) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url10.'">'.$url10.'</a>';
|
|
||||||
} else if (getHttpcode($url11) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url11.'">'.$url11.'</a>';
|
|
||||||
} else if (getHttpcode($url12) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url12.'">'.$url12.'</a>';
|
|
||||||
} else if (getHttpcode($url13) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url13.'">'.$url13.'</a>';
|
|
||||||
} else if (getHttpcode($url14) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url14.'">'.$url14.'</a>';
|
|
||||||
} else if (getHttpcode($url15) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url15.'">'.$url15.'</a>';
|
|
||||||
} else if (getHttpcode($url16) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url16.'">'.$url16.'</a>';
|
|
||||||
} else if (getHttpcode($url17) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url17.'">'.$url17.'</a>';
|
|
||||||
} else {
|
|
||||||
echo "<h6>Not found</h6>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<h3 class="border-top border-dark">XML-RPC WordPress</h3>
|
|
||||||
<?php
|
|
||||||
if (getHttpcode($url18) == "405" || getHttpcode($url18) == "200") {
|
|
||||||
echo '<a target="_blank" href="http://'.$url18.'">'.$url18.'</a>';
|
|
||||||
} else {
|
|
||||||
echo "<h6>Not vuln</h6>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</div>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
Loading…
Reference in New Issue