#This is in development because I still have to add a checker for
#when it finds a possible vulnerability and update my rif.txt file,
#which will take a while because about 4 come out a day, it seems,
#these days... Check back, it will move to Scanners when finished!!




#!/usr/bin/python
#This is a Remote File Inclusion scanner, searches paths
#for vulnerabilities. Put rif.txt in the dir
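#from which you are running this, or change the path in the
#open("rif.txt") call (the author cites line 78; the numbering in this copy differs).
#Not assigning an output file will print to the terminal.
#If you want verbose output, un-comment the two lines marked
#"uncomment for verbose mode" (the author cites lines 97,98).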
##d3hydr8[at]gmail[dot]com

import sys, httplib, time

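def main(path):
	"""Send one HTTP HEAD request for path and return (status, reason, server).

	The target comes from the module-level ``host`` and ``port`` strings.
	``server`` is the reply's Server header, or None when it is absent.

	Prints an error and exits with status 1 when the request cannot be made.
	Raises AttributeError when getreply() returns no header object (httplib
	does this for a malformed status line); the scan loop catches that.
	"""
	conn = None
	try:
		# make a http HEAD request
		conn = httplib.HTTP(host+":"+port)
		conn.putrequest("HEAD", path)
		conn.putheader("Host", host)
		conn.endheaders()
		status, reason, headers = conn.getreply()
	except Exception, err:
		# Exception rather than a bare except, so Ctrl-C and sys.exit()
		# are no longer reported as a name-resolution failure.
		print "Error: Name or service not known. Check your host."
		print "Detail:", err
		sys.exit(1)
	finally:
		# Release the socket on every path; the original never closed it.
		if conn is not None:
			conn.close()
	return status, reason, headers.get("Server")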
	
def timer():
	"""Return the current local time as an asctime()-formatted string."""
	# localtime() with no argument uses the current time.
	return time.asctime(time.localtime())

# Exactly two arguments are accepted: <host> <port>. Anything else prints
# the usage banner and stops.
if len(sys.argv) != 3:
	usage = (
		"\n\t   d3hydr8[at]gmail[dot]com RemoteIncludeFileScanner v1.0",
		"\t-----------------------------------------------------------",
		"\n\t\t\tUsage: ./rfi.py <host> <port>\n",
		"\t\t\tEx. ./rfi.py google.com 80\n",
	)
	for usage_line in usage:
		print usage_line
	sys.exit(1)

host, port = sys.argv[1:3]

# A host given as a URL has its "http://" text dropped.
if host.startswith("http://"):
	host = host.replace("http://","")

# Two baseline requests: "/" supplies the status treated as OK, and a
# made-up page name supplies the status treated as BAD.
okresp = (main("/")[0],)
badresp, reason, server = main("/d3hydr8.html")

# When both requests return the same status, a status code cannot tell an
# existing path from a missing one on this server, so the scan stops here.
if badresp == okresp[0]:
	print "\nResponses matched, try another host.\n"
	sys.exit(1)

print "\n   d3hydr8[at]gmail[dot]com RemoteIncludeFileScanner v1.0"
print "------------------------------------------------------------"
print "+ Target host:",host
print "+ Target port:",port
print "+ Target server:",server
print "+ Target OK response:",okresp[0]
print "+ Target BAD response:",badresp, reason
print "+ Scan Started at",timer()
	
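# Load the path list into `lines`. Without the list there is nothing to
# scan, so a read failure now stops the script; the original printed the
# error and then crashed with a NameError on `lines`.
try:
	text = open("rif.txt", "r") #vulnerable list, change path/name if necessary
	try:
		lines = text.readlines()
	finally:
		# Close the file even when reading fails.
		text.close()
except(IOError):
	print "Error: Check your vulnerabilities list path\n"
	sys.exit(1)
else:
	print "\n[--",len(lines),"paths loaded --]\n"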
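# num counts the paths whose status matches the baseline OK status.
num = 0
# vulns maps each request path to the note printed next to a match.
# Each rif.txt line is read as "<path>:<note>".
vulns = {}
for line in lines:
	if not line.strip():
		# Blank lines used to raise ValueError on unpacking.
		continue
	# Split on the first colon only, so a note that itself contains ":"
	# no longer aborts the whole run.
	parts = line.split(':', 1)
	if len(parts) != 2:
		sys.stderr.write("Skipping malformed rif.txt entry: %r\n" % line)
		continue
	key, value = parts
	vulns[key] = value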
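# Request every listed path and compare its status with the baseline.
# A status equal to the baseline OK status only shows that the path answers
# the way "/" does; it does not confirm a flaw, hence "check manually".
for (key, value) in vulns.items():
	time.sleep(2) # pause between requests
	try:
		status, reason = main(key)[:2]
	except(AttributeError):
		# main() got no header object for this path. Skip it; the original
		# fell through and re-tested the previous iteration's status (or
		# hit a NameError on the first iteration).
		continue
	if status == okresp[0]:
		num += 1
		print "\t++",status,reason,":",host+key,"\n\tCheck-[",value,"\n"
	if status == 401:
		print "\t--",status,reason,":",host+key,"\tNeeds Authentication\n\tCheck-[ ",value,"\n"
	#else:								#uncomment for verbose mode
		#print "\n-",status,reason,":",key,"\n"   #uncomment for verbose mode
print "Scan completed at", timer()
if num == 0:
	print "Couldn't find anything.\n"
else:
	print "Found",num,"possible vulnerabilities, check manually.\n"
# The trailing `if len(sys.argv) == 4: stdclose()` was dropped: the argument
# check at the top exits unless exactly two arguments are given, so it could
# never run, and stdclose is not defined in this listing.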

	