Headline
Helper 0.1
Helper is an enumerator written in PHP that helps identify directories on web servers that could be targets for things like cross-site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
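_____________________________________________
*###########################################*
*# Penetration Testing Tool #*
*# *19/10/2024* #*
*# Author: Emiliano Febbi #*
*# Site: http://nullsite.altervista.org #*
*# PHP code #*
*###########################################*
[code] #Helper v0.1
<?php
/*
 * Helper v0.1: single-page form that takes a base URL and, from the server
 * hosting this page, (1) prints the response headers, (2) lists absolute links
 * found on the page, (3) requests robots.txt and a set of fixed relative paths
 * and reports the ones that open, (4) lists e-mail addresses found in the page
 * body, and (5) sends three marker requests and reports 403/404 answers.
 *
 * Hardening applied to the page itself:
 *  - The submitted URL must be an absolute http:// or https:// URL. PHP's
 *    file(), file_get_contents() and get_headers() also accept local paths and
 *    other stream wrappers, so an unchecked value would let anyone who can
 *    reach this form read files from the hosting server.
 *  - Everything that originates from the request or from the remote site
 *    (the URL, response headers, link targets, e-mail strings) is HTML-escaped
 *    before it is echoed, and PHP_SELF is escaped in the form action.
 *
 * NOTE(review): the URL check does not exclude loopback or private addresses,
 * so the page can still be used to make the hosting server request internal
 * URLs. Keep it behind authentication or on a local-only listener.
 */

/**
 * HTML-escape a value for element text or a quoted attribute.
 *
 * @param mixed $value Value to print; cast to string first.
 * @return string Escaped text (both quote styles encoded).
 */
function helper_e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Tell whether a value is an absolute http:// or https:// URL.
 *
 * @param mixed $url Candidate value (anything that is not a string is rejected).
 * @return bool True only when FILTER_VALIDATE_URL accepts it and the scheme is http or https.
 */
function helper_is_http_url($url): bool
{
    if (!is_string($url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

    return $scheme === 'http' || $scheme === 'https';
}

/**
 * Return the three-character status code of the first response line.
 *
 * @param string $victime Full URL to request.
 * @return string Status code such as "404", or "" when no headers came back.
 */
function get_http_response_code($victime)
{
    $headers = get_headers($victime);
    if ($headers === false || !isset($headers[0])) {
        return '';
    }

    // "HTTP/1.1 404 Not Found": the code starts at offset 9.
    return substr($headers[0], 9, 3);
}

/** Duplicate of get_http_response_code() kept from the original listing; the script never calls it. */
function get_http_response_codee($victime)
{
    return get_http_response_code($victime);
}

/** Duplicate of get_http_response_code() kept from the original listing; the script never calls it. */
function get_http_response_codeee($victime)
{
    return get_http_response_code($victime);
}

/**
 * Request each relative path under the base URL and print the ones that open.
 *
 * The path is appended to the base as-is, so the base is expected to end in "/".
 *
 * @param string   $base  Validated base URL.
 * @param string[] $paths Relative paths to append.
 */
function helper_report_existing(string $base, array $paths): void
{
    foreach ($paths as $path) {
        // file() returns false when the HTTP wrapper cannot open the URL.
        if (false !== file($base . $path)) {
            echo "<center><font color='lime'>Found:</font><div style='background-color: red; color: white;'><a href='"
                . helper_e($base . $path) . "'>" . helper_e($path) . "</a></div></center>";
        }
    }
}

/**
 * Run every check against one validated base URL and print the report.
 *
 * @param string $victime Base URL that already passed helper_is_http_url().
 */
function helper_run(string $victime): void
{
    // Visual divider between report sections (its length is cosmetic).
    $rule = str_repeat('.', 390);

    print "<br><b>[site loaded]: -></b> <font color='red'>" . helper_e($victime) . "</font>";
    print "<br>{$rule}<br>";

    print "<font color='red'><b>-> WebServer info <-</b></font><br>";
    // Header values are chosen by the remote server, so escape the dump.
    print helper_e(print_r(get_headers($victime), true));
    print "<br>{$rule}<br>";

    // The original ran str_replace('/', '/', ...) here, which changes nothing.
    $victime_pars = $victime;

    print "<br><font color='red'><b>-> Mini-Fuzzer <-</b></font><font color='lime'> Found:</font><br>";
    /*Mini-Fuzzer*/
    $urlContent = file_get_contents($victime_pars);
    if (is_string($urlContent) && $urlContent !== '') {
        // Collect parser warnings internally instead of silencing them with @.
        $previous = libxml_use_internal_errors(true);
        $dom = new DOMDocument();
        $dom->loadHTML($urlContent);
        libxml_clear_errors();
        libxml_use_internal_errors($previous);

        $xpath = new DOMXPath($dom);
        foreach ($xpath->evaluate('/html/body//a') as $anchor) {
            $url = filter_var($anchor->getAttribute('href'), FILTER_SANITIZE_URL);
            // Only http(s) targets are printed as clickable links; the value comes
            // from the remote page, so it is escaped as well.
            if (helper_is_http_url($url)) {
                echo ' <ul class="nav"><li><a href="' . helper_e($url) . '">' . helper_e($url) . '</a></li></ul><br />';
            }
        }
    }
    print "<br>{$rule}";

    /*#robots.txt finder*/
    if (false !== file("$victime_pars/robots.txt")) {
        echo "<center><font color='lime'>Found:</font> robots.txt</font>";
    } else {
        echo "<center><font color='red'>Missing:</font> robots.txt";
    }
    print "<font color='white'><br>{$rule}</font><br>";

    /*#Admin pages scanner*/
    print "<br><font color='red'><b>-> Admin Pages Scanner <- </b>(#general)</font>";
    $listing = [
        "login.php","login/login.php","login/admin.php","login/index.php","admin/admin.php","admin/login.php","admin/index.php",
        "admins.php","admins/login.php","admins/","admins/admin.php","admins/index.php","admins/menu.php",
        "admin1/","admin2/","admin3/","admin4/","admin5/","usuarios/","usuario/","administrator/","moderator/","webadmin/",
        "adminarea/","bb-admin/","adminLogin/","admin_area/","panel-administracion/","instadmin/","memberadmin/",
        "administratorlogin/","adm/","admin/account.php","admin/account.php","admin_area/admin.php","admin_area/login.php",
        "siteadmin/login.php","siteadmin/index.php","siteadmin/login.html","admin/account.html","admin/index.html",
        "admin/login.html","admin/admin.html","admin_area/index.php","bb-admin/index.php","bb-admin/login.php",
        "bb-admin/admin.php","admin/home.php","admin_area/login.html","admin_area/index.html","admin/controlpanel.php",
        "admin.php","admincp/index.asp","admincp/login.asp","admincp/index.html","admin/account.html","adminpanel.html",
        "webadmin.html","webadmin/index.html","webadmin/admin.html","webadmin/login.html","admin/admin_login.html",
        "admin_login.html","panel-administracion/login.html","admin/cp.php","cp.php","administrator/index.php",
        "administrator/login.php","nsw/admin/login.php","webadmin/login.php","admin/admin_login.php","admin_login.php",
        "administrator/account.php","administrator.php","admin_area/admin.html","pages/admin/admin-login.php",
        "admin/admin-login.php","admin-login.php","bb-admin/index.html","bb-admin/login.html","acceso.php",
        "bb-admin/admin.html","admin/home.html","login.php","modelsearch/login.php","moderator.php","moderator/login.php",
        "moderator/admin.php","account.php","pages/admin/admin-login.html","admin/admin-login.html","admin-login.html",
        "controlpanel.php","admincontrol.php","admin/adminLogin.html","adminLogin.html","admin/adminLogin.html",
        "rcjakar/admin/login.php","adminarea/index.html","adminarea/admin.html","webadmin.php","webadmin/index.php",
        "webadmin/admin.php","admin/controlpanel.html","admin.html","admin/cp.html","cp.html","adminpanel.php",
        "moderator.html","administrator/index.html","administrator/login.html","user.html","administrator/account.html",
        "administrator.html","login.html","modelsearch/login.html","moderator/login.html","adminarea/login.html",
        "panel-administracion/index.html","panel-administracion/admin.html","modelsearch/index.html",
        "modelsearch/admin.html","admincontrol/login.html","adm/index.html","adm.html","moderator/admin.html","user.php",
        "account.html","controlpanel.html","admincontrol.html","panel-administracion/login.php","wp-login.php",
        "adminLogin.php","admin/adminLogin.php","adminarea/index.php","adminarea/admin.php","adminarea/login.php",
        "panel-administracion/index.php","panel-administracion/admin.php","modelsearch/index.php","modelsearch/admin.php",
        "admincontrol/login.php","adm/admloginuser.php","admloginuser.php","admin2.php","admin2/login.php",
        "admin2/index.php","usuarios/login.php","adm/index.php","adm.php","adm_auth.php","memberadmin.php",
        "administratorlogin.php","account.asp","admin/account.asp","admin/index.asp","admin/login.asp","admin/admin.asp",
        "admin_area/admin.asp","admin_area/login.asp","admin/account.html","admin/index.html","admin/login.html",
        "admin/admin.html","admin_area/admin.html","admin_area/login.html","admin_area/index.html","admin_area/index.asp",
        "bb-admin/index.asp","bb-admin/login.asp","bb-admin/admin.asp","bb-admin/index.html","bb-admin/login.html",
        "bb-admin/admin.html","admin/home.html","admin/controlpanel.html","admin.html","admin/cp.html","cp.html",
        "administrator/index.html","administrator/login.html","administrator/account.html","administrator.html",
        "login.html","modelsearch/login.html","moderator.html","moderator/login.html","moderator/admin.html",
        "account.html","controlpanel.html","admincontrol.html","admin_login.html","panel-administracion/login.html",
        "admin/home.asp","admin/controlpanel.asp","admin.asp","pages/admin/admin-login.asp","admin/admin-login.asp",
        "admin-login.asp","admin/cp.asp","cp.asp","administrator/account.asp","administrator.asp","acceso.asp","login.asp",
        "admin/","login/","panel/","cp/","dashboard/","reserved/","admin_login","log-in/","admin_login.php","panel.php",
        "dashboard.php","dashboard/index.php","account/","/account/login.php","adm.php","adm/","admin/menu.php",
        "manager/","manager/login.php","manager/admin.php","manager/index.php","cms/login.php","cms/admin.php",
        "news/login.php","news/admin.php","news/menu.php","editor/","editor/login.php","editor/admin.php",
        "editor/index.php","panel/menu.php","panel/login.php","panel/admin.php","access.php","access/",
        "access/login.php","access/admin.php","panel/index.php","adm/adm.php","adm/admin.php","adm/index.php",
        "adm/login.php","account/admin.php","back/login.php","menu/","menu/login.php","menu/admin.php",
        "administrator/login.php","administrator/admin.php","administrator/index.php","administer/login.php",
        "administer/","cp/login.php","cp/","cp.php","cp/admin.php","panel/index.php","panel/login.php",
        "reserved/login.php","reserved/index.php","panel/panel.php","panel/cp.php","cp/panel.php","signin.php","signin/",
        "sign-in.php","sign-in/","admin/menu.php","admin/page.php","admin_page.php","admin-page.php","staff/",
        "staff/login.php","staff/admin.php","adminpanel.php","admin-panel.php","admin_panel.php","admin_panel/",
        "admin-panel/",
    ];
    helper_report_existing($victime_pars, $listing);
    print "<font color='white'><br>{$rule}<br></font>";

    /*#Ita Admin pages scanner*/
    print "<br><font color='red'><b>-> Admin Pages Scanner <- </b>(#ITA)</font><br>";
    $listing_ita = [
        "amministrazione/","gestione/","areariservata/","pannello/","area_riservata/","amministra/","gest/",
        "area-riservata","amministrazione.php","gestione.php","areariservata.php","pannello.php","area_riservata.php",
        "amministra.php","gest.php","area-riservata.php",
    ];
    helper_report_existing($victime_pars, $listing_ita);
    print "<font color='white'><br>{$rule}<br></font>";

    /*#File Upload testing*/
    print "<br><font color='red'><b>-> UPLOAD Pages Scanner <-</b></font><br>";
    $listing_upload = [
        "upload.php","uploads.php","upload/","upload/upload.php","upload/index.php","upload/uploads.php",
        "upload/index.php","upload/file.php","upload/files.php","upload/admin.php","upload/login.php","uploads/",
        "uploads/upload.php","uploads/index.php","uploads/uploads.php","uploads/index.php","uploads/file.php",
        "uploads/files.php","uploads/admin.php","uploads/login.php","pdf/upload.php","pdf/uploads.php",
        "files/upload.php","file/upload.php","file/uploads.php","files/upload.php","images/upload.php",
        "images/uploads.php","img/upload.php","img/uploads.php","admin/upload.php","admin/uploads.php",
        "document/upload.php","documents/upload.php","documents/uploads.php","document/uploads.php","upload/pdf.php",
        "uploads/pdf.php","upload/document.php","upload/documents.php","uploads/document.php","uploads/documents.php",
    ];
    helper_report_existing($victime_pars, $listing_upload);
    print "<font color='white'><br>{$rule}<br></font>";

    /*#Applications finder*/
    $listing_applications = [
        "forum/","forum/index.php","forum/forum.php","forum/topic.php","forum/post.php","forum/page.php","forum.php",
        "forum_post.php","forum_topic.php","forum/view_topic.php","forums.php","forums/","guestbook/",
        "guestbook/login.php","guestbook/index.php","guestbook.php","gb/guestbook.php","guest_book.php","gb/",
        "guestbook/post.php","guestbook/comments.php","blog/","blog/article.php","blog/post.php","blog/comments.php",
        "blog.php","blog/blog.php","blog/index.php","blog/login.php","board.php","board/board.php","board/forum.php",
        "forum/board.php","board/","board/index.php","thread.php","forum/thread.php","new_thread.php",
        "forum/new_thread.php",
    ];
    print "<br><font color='red'><b>-> Dynamic applications Scanner <-</b></font><br>";
    helper_report_existing($victime_pars, $listing_applications);
    print "<font color='white'><br>{$rule}<br></font>";

    echo "<br><font color='red'><b>-> E-mails finder <-</b></font><br>";
    // Reuses the body fetched for the link list instead of downloading the same URL twice.
    $textt = is_string($urlContent) ? $urlContent : '';
    $res = preg_match_all('/[a-z0-9]+[_a-z0-9\.-]*[a-z0-9]+@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})/i', $textt, $matches);
    if ($res) {
        foreach (array_unique($matches[0]) as $email) {
            echo "<font color='lime'>Found:</font><div style='background-color: lime; color: white;'>";
            echo helper_e($email) . "<br />";
            echo "</div>";
        }
    } else {
        echo "<font color='white'>No emails found.</font>";
    }
    print "<font color='white'><br>{$rule}<br></font>";

    /*#ModSecurity testing*/
    print "<font color='red'><b>-> ModSecurity check <-</b></font><br>";
    // NOTE(review): this is a heuristic. A 404 only shows that the marker file
    // does not exist and the request was not blocked; a 403 can come from any
    // access rule, not only from a request filter. Other codes print nothing.
    $probes = [
        'XSS' => "XSS.php?id=<script>alert(1);</script>",
        'SQL injection' => "Sqli.php?id=1+union+select+",
        'LFI' => "LFI.php?id=../../../../../../../../../../../../etc/passwd",
    ];
    $number = 0;
    foreach ($probes as $label => $probe) {
        $number++;
        print "<center><font color='lime'>check{$number}:</font><br>";
        $code = get_http_response_code($victime . $probe);
        if ($code === '404') {
            echo "<div style='background-color: lime; color: white;'>{$label} protection: OFF</div>";
        } elseif ($code === '403') {
            echo "<div style='background-color: red; color: white;'>{$label} protection: ON</div>";
        }
    }
    print "<font color='white'><br>{$rule}<br></font>";

    print "<a href='http://nullsite.altervista.org'>~Visit My Site</a><font color='white'> - Developed By Emiliano Febbi #2024</font>";
}
?>
<html>
<head>
<title>#-Helper</title>
<style>
ul.nav { width:250px; margin:0; padding:0; }
ul.nav li{ list-style:none; }
ul.nav a{ display:block; text-decoration:none; background:#333; color:#FFF; margin:.1em 0; padding:.2em .5em; }
ul.nav a:hover, a:focus, a:active{ background:#FFF; color:#333; border:.1em solid #000; }
</style>
</head>
<body bgcolor="black" link="white" vlink="white"><font color="white">
<center>
<pre>
_ _ _______ _____ _______ ______
|_____| |______ | |_____] |______ |_____/
| | |______ |_____ | |______ | \_
*******************************************
* Name Software: Helper v0.1 *
* Simple Pentesting tool at release v0.1. *
* Allowed http && https protocols. *
* Code By Emiliano Febbi - #2024 *
* My site: http://nullsite.altervista.org *
*******************************************
</pre>
<form action="<?php echo helper_e($_SERVER['PHP_SELF'] ?? ''); ?>" method="POST">
#insert URL:<br>
<input type="text" name="site" value="https://www.victime.com/"><br>
<input type="submit" value="load"><br>
</form>
<?php
$victime = $_POST['site'] ?? '';
if (is_string($victime) && $victime !== '') {
    if (helper_is_http_url($victime)) {
        helper_run($victime);
    } else {
        // Local paths and non-HTTP stream wrappers never reach file()/file_get_contents().
        print "<br><font color='red'><b>[rejected]:</b> only absolute http:// and https:// URLs are accepted.</font>";
    }
}
?>
</center></font></body></html>[/code]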