Headline

Helper 0.1

Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
1 month ago
Packet Storm
Open in Source
#sql #xss #vulnerability #web #ios #php #xpath #pdf #auth
_____________________________________________*###########################################**#      Penetration Testing Tool           #**#           *19/10/2024*                  #**# Author: Emiliano Febbi                  #**# Site: http://nullsite.altervista.org    #**#            PHP code                     #**###########################################*[code] #Helper v0.1<html><head><title>#-Helper</title><style> ul.nav {      width:250px;           margin:0;        padding:0;       } ul.nav li{  list-style:none;          } ul.nav a{        display:block;  text-decoration:none;       background:#333;            color:#FFF;         margin:.1em 0;                  padding:.2em .5em;            }  ul.nav a:hover,          a:focus,     a:active{     background:#FFF;        color:#333;       border:.1em solid #000;      }   </style></head><body><font color="white"><body bgcolor="black"><body link="white"><body vlink="white"><center><pre> _     _ _______         _____  _______  ______ |_____| |______ |      |_____] |______ |_____/ |     | |______ |_____ |       |______ |    \_******************************************** Name Software: Helper v0.1              ** Simple Pentesting tool at release v0.1. ** Allowed http && https protocols.        ** Code By Emiliano Febbi - #2024          ** My site: http://nullsite.altervista.org ********************************************</pre><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">#insert URL:<br><input type="text" name="site" value="https://www.victime.com/"><br><input type="submit" value="load"><br><?phpif($_POST['site']) {                            $victime = $_POST['site']; $for_print = htmlspecialchars("$victime", ENT_QUOTES);print "<br><b>[site loaded]: -></b> <font color='red'>$for_print</font>";print "<br>......................................................................................................................................................................................................................................................................................................................................................................................................<br>";print "<font color='red'><b>-> WebServer info <-</b></font><br>";                     print_r(get_headers($victime));print "<br>......................................................................................................................................................................................................................................................................................................................................................................................................<br>";   $victime_pars = str_replace( '/', '/', $victime);print "<br><font color='red'><b>-> Mini-Fuzzer <-</b></font><font color='lime'> Found:</font><br>";/*Mini-Fuzzer*//*####################################################################################################################*/$urlContent = file_get_contents("$victime_pars");    $dom = new DOMDocument();@$dom->loadHTML($urlContent); $xpath = new DOMXPath($dom);$hrefs = $xpath->evaluate("/html/body//a");for($i = 0; $i < $hrefs->length; $i++){              $href = $hrefs->item($i);    $url = $href->getAttribute('href');    $url = filter_var($url, FILTER_SANITIZE_URL);    // validate url    if(!filter_var($url, FILTER_VALIDATE_URL) === false){        echo ' <ul class="nav"><li><a href="'.$url.'">'.$url.'</a></li></ul><br />';    }}/*####################################################################################################################*/          print "<br>......................................................................................................................................................................................................................................................................................................................................................................................................";/*#robots.txt finder*//*####################################################################################################################*/if (false!==file("$victime_pars/robots.txt")) echo "<center><font color='lime'>Found:</font> robots.txt</font>";          else echo "<center><font color='red'>Missing:</font> robots.txt";         /*####################################################################################################################*/           print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................</font><br>";           print "<br><font color='red'><b>-> Admin Pages Scanner <- </b>(#general)</font>";$listing = array("login.php","login/login.php","login/admin.php","login/index.php","admin/admin.php","admin/login.php","admin/index.php","admins.php","admins/login.php","admins/","admins/admin.php","admins/index.php","admins/menu.php","admin1/","admin2/","admin3/","admin4/","admin5/","usuarios/","usuario/","administrator/","moderator/","webadmin/","adminarea/","bb-admin/","adminLogin/","admin_area/","panel-administracion/","instadmin/","memberadmin/","administratorlogin/","adm/","admin/account.php","admin/account.php","admin_area/admin.php","admin_area/login.php","siteadmin/login.php","siteadmin/index.php","siteadmin/login.html","admin/account.html","admin/index.html","admin/login.html","admin/admin.html","admin_area/index.php","bb-admin/index.php","bb-admin/login.php","bb-admin/admin.php","admin/home.php","admin_area/login.html","admin_area/index.html","admin/controlpanel.php","admin.php","admincp/index.asp","admincp/login.asp","admincp/index.html","admin/account.html","adminpanel.html","webadmin.html","webadmin/index.html","webadmin/admin.html","webadmin/login.html","admin/admin_login.html","admin_login.html","panel-administracion/login.html","admin/cp.php","cp.php","administrator/index.php","administrator/login.php","nsw/admin/login.php","webadmin/login.php","admin/admin_login.php","admin_login.php","administrator/account.php","administrator.php","admin_area/admin.html","pages/admin/admin-login.php","admin/admin-login.php","admin-login.php","bb-admin/index.html","bb-admin/login.html","acceso.php","bb-admin/admin.html","admin/home.html","login.php","modelsearch/login.php","moderator.php","moderator/login.php","moderator/admin.php","account.php","pages/admin/admin-login.html","admin/admin-login.html","admin-login.html","controlpanel.php","admincontrol.php","admin/adminLogin.html","adminLogin.html","admin/adminLogin.html","rcjakar/admin/login.php","adminarea/index.html","adminarea/admin.html","webadmin.php","webadmin/index.php","webadmin/admin.php","admin/controlpanel.html","admin.html","admin/cp.html","cp.html","adminpanel.php","moderator.html","administrator/index.html","administrator/login.html","user.html","administrator/account.html","administrator.html","login.html","modelsearch/login.html","moderator/login.html","adminarea/login.html","panel-administracion/index.html","panel-administracion/admin.html","modelsearch/index.html","modelsearch/admin.html","admincontrol/login.html","adm/index.html","adm.html","moderator/admin.html","user.php","account.html","controlpanel.html","admincontrol.html","panel-administracion/login.php","wp-login.php","adminLogin.php","admin/adminLogin.php","adminarea/index.php","adminarea/admin.php","adminarea/login.php","panel-administracion/index.php","panel-administracion/admin.php","modelsearch/index.php","modelsearch/admin.php","admincontrol/login.php","adm/admloginuser.php","admloginuser.php","admin2.php","admin2/login.php","admin2/index.php","usuarios/login.php","adm/index.php","adm.php","adm_auth.php","memberadmin.php","administratorlogin.php","account.asp","admin/account.asp","admin/index.asp","admin/login.asp","admin/admin.asp","admin_area/admin.asp","admin_area/login.asp","admin/account.html","admin/index.html","admin/login.html","admin/admin.html","admin_area/admin.html","admin_area/login.html","admin_area/index.html","admin_area/index.asp","bb-admin/index.asp","bb-admin/login.asp","bb-admin/admin.asp","bb-admin/index.html","bb-admin/login.html","bb-admin/admin.html","admin/home.html","admin/controlpanel.html","admin.html","admin/cp.html","cp.html","administrator/index.html","administrator/login.html","administrator/account.html","administrator.html","login.html","modelsearch/login.html","moderator.html","moderator/login.html","moderator/admin.html","account.html","controlpanel.html","admincontrol.html","admin_login.html","panel-administracion/login.html","admin/home.asp","admin/controlpanel.asp","admin.asp","pages/admin/admin-login.asp","admin/admin-login.asp","admin-login.asp","admin/cp.asp","cp.asp","administrator/account.asp","administrator.asp","acceso.asp","login.asp","admin/","login/","panel/","cp/","dashboard/","reserved/","admin_login","log-in/","admin_login.php","panel.php","dashboard.php","dashboard/index.php","account/","/account/login.php","adm.php","adm/","admin/menu.php","manager/","manager/login.php","manager/admin.php","manager/index.php","cms/login.php","cms/admin.php","news/login.php","news/admin.php","news/menu.php","editor/","editor/login.php","editor/admin.php","editor/index.php","panel/menu.php","panel/login.php","panel/admin.php","access.php","access/","access/login.php","access/admin.php","panel/index.php","adm/adm.php","adm/admin.php","adm/index.php","adm/login.php","account/admin.php","back/login.php","menu/","menu/login.php","menu/admin.php","administrator/login.php","administrator/admin.php","administrator/index.php","administer/login.php","administer/","cp/login.php","cp/","cp.php","cp/admin.php","panel/index.php","panel/login.php","reserved/login.php","reserved/index.php","panel/panel.php","panel/cp.php","cp/panel.php","signin.php","signin/","sign-in.php","sign-in/","admin/menu.php","admin/page.php","admin_page.php","admin-page.php","staff/","staff/login.php","staff/admin.php","adminpanel.php","admin-panel.php","admin_panel.php","admin_panel/","admin-panel/",              );foreach($listing as $listingg) {/*#Admin pages scanner*//*####################################################################################################################*/   if (false!==file("$victime_pars$listingg")) echo "<center><font color='lime'>Found:</font><div style='background-color: red; color: white;'><a href='$victime_pars$listingg'>$listingg</a></div></center>";                                                                                                         else echo "";     /*####################################################################################################################*/};print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";print "<br><font color='red'><b>-> Admin Pages Scanner <- </b>(#ITA)</font><br>";/*#ITA*/$listing_ita = array("amministrazione/","gestione/","areariservata/","pannello/","area_riservata/","amministra/","gest/","area-riservata","amministrazione.php","gestione.php","areariservata.php","pannello.php","area_riservata.php","amministra.php","gest.php","area-riservata.php",);foreach($listing_ita as $listing_itaa) {/*#Ita Admin pages scanner*//*####################################################################################################################*/   if (false!==file("$victime_pars$listing_itaa")) echo "<center><font color='lime'>Found:</font><div style='background-color: red; color: white;'><a href='$victime_pars$listing_itaa'>$listing_itaa</a></div></center>";                                                                                                                 else echo "";     /*####################################################################################################################*/};;print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";print "<br><font color='red'><b>-> UPLOAD Pages Scanner <-</b></font><br>";$listing_upload = array("upload.php","uploads.php","upload/","upload/upload.php","upload/index.php","upload/uploads.php","upload/index.php","upload/file.php","upload/files.php","upload/admin.php","upload/login.php","uploads/","uploads/upload.php","uploads/index.php","uploads/uploads.php","uploads/index.php","uploads/file.php","uploads/files.php","uploads/admin.php","uploads/login.php","pdf/upload.php","pdf/uploads.php","files/upload.php","file/upload.php","file/uploads.php","files/upload.php","images/upload.php","images/uploads.php","img/upload.php","img/uploads.php","admin/upload.php","admin/uploads.php","document/upload.php","documents/upload.php","documents/uploads.php","document/uploads.php","upload/pdf.php","uploads/pdf.php","upload/document.php","upload/documents.php","uploads/document.php","uploads/documents.php",);foreach($listing_upload as $listing_uploadd) {/*#File Upload testing*//*####################################################################################################################*/   if (false!==file("$victime_pars$listing_uploadd")) echo "<center><font color='lime'>Found:</font><div style='background-color: red; color: white;'><a href='$victime_pars$listing_uploadd'>$listing_uploadd</a></div></center>";                                                                                                                       else echo "";     /*####################################################################################################################*/};;;;print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";$listing_applications = array("forum/","forum/index.php","forum/forum.php","forum/topic.php","forum/post.php","forum/page.php","forum.php","forum_post.php","forum_topic.php","forum/view_topic.php","forums.php","forums/","guestbook/","guestbook/login.php","guestbook/index.php","guestbook.php","gb/guestbook.php","guest_book.php","gb/","guestbook/post.php","guestbook/comments.php","blog/","blog/article.php","blog/post.php","blog/comments.php","blog.php","blog/blog.php","blog/index.php","blog/login.php","board.php","board/board.php","board/forum.php","forum/board.php","board/","board/index.php","thread.php","forum/thread.php","new_thread.php","forum/new_thread.php",);print "<br><font color='red'><b>-> Dynamic applications Scanner <-</b></font><br>";foreach($listing_applications as $listing_apps) {/*#Applications finder*//*####################################################################################################################*/   if (false!==file("$victime_pars$listing_apps")) echo "<center><font color='lime'>Found:</font><div style='background-color: red; color: white;'><a href='$victime_pars$listing_apps'>$listing_apps</a></div></center>";                                                                                                                 else echo "";     /*####################################################################################################################*/};print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";echo "<br><font color='red'><b>-> E-mails finder <-</b></font><br>";$textt=file_get_contents("$victime");$res = preg_match_all("/[a-z0-9]+[_a-z0-9\.-]*[a-z0-9]+@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})/i",$textt,$matches);if ($res) {foreach(array_unique($matches[0]) as $email) {echo "<font color='lime'>Found:</font><div style='background-color: lime; color: white;'>";echo $email . "<br />";echo "</div>";}}else {echo "<font color='white'>No emails found.</font>";}print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";print "<font color='red'><b>-> ModSecurity check <-</b></font><br>";/*#ModSecurity testing*/$XSS = "XSS.php?id=<script>alert(1);</script>";$sqli = "Sqli.php?id=1+union+select+";$LFI = "LFI.php?id=../../../../../../../../../../../../etc/passwd";print "<center><font color='lime'>check1:</font><br>";function get_http_response_code($victime) {  $headers = get_headers("$victime$XSS");        return substr($headers[0], 9, 3); }$get_http_response_code = get_http_response_code("$victime$XSS");      if ( $get_http_response_code == 404 ) {  echo "<div style='background-color: lime; color: white;'>XSS protection: OFF</div>";} elseif ( $get_http_response_code == 403 ) {   echo "<div style='background-color: red; color: white;'>XSS protection: ON</div>";}print "<center><font color='lime'>check2:</font><br>";function get_http_response_codee($victime) {  $headers = get_headers("$victime$sqli");         return substr($headers[0], 9, 3); }$get_http_response_codee = get_http_response_code("$victime$sqli");      if ( $get_http_response_codee == 404 ) {  echo "<div style='background-color: lime; color: white;'>SQL injection protection: OFF</div>";} elseif ( $get_http_response_codee == 403 ) {    echo "<div style='background-color: red; color: white;'>SQL injection protection: ON</div>";}print "<center><font color='lime'>check3:</font><br>";function get_http_response_codeee($victime) {  $headers = get_headers("$victime$LFI");        return substr($headers[0], 9, 3); }$get_http_response_codeee = get_http_response_code("$victime$LFI");      if ( $get_http_response_codeee == 404 ) {  echo "<div style='background-color: lime; color: white;'>LFI protection: OFF</div>";} elseif ( $get_http_response_codeee == 403 ) {    echo "<div style='background-color: red; color: white;'>LFI protection: ON</div>";}print "<font color='white'><br>......................................................................................................................................................................................................................................................................................................................................................................................................<br></font>";print "<a href='http://nullsite.altervista.org'>~Visit My Site</a><font color='white'> - Developed By Emiliano Febbi #2024</font>";};;;?></center></font></body></html>[/code]
Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution
7 hours ago
Packet Storm
Judge0 Sandbox Escape
7 hours ago
Packet Storm
Wireshark Analyzer 4.4.2
7 hours ago
Packet Storm
Falco 0.39.2
7 hours ago
Packet Storm
Ubuntu Security Notice USN-7118-1
7 hours ago
Packet Storm