DFF Scanner
Posted by: Ivan
Date: May 04, 2007 06:55PM

Hello,

I wrote a PHP class for finding common folders on web locations. Maybe someone will find it as useful as I do.

It has deep scanning, proxy support, dictionary file input, first-letter selection, ... there is more room to upgrade, but I want to share and hear suggestions first.

DFF Scanner v 1.0

Regards,
Ivan

http://www.security-net.biz/

Re: DFF Scanner
Posted by: rsnake
Date: May 08, 2007 08:05PM

Very cool... I'm thinking of writing something similar into fierce in a future revision (that is when I get off my ass and fix the connect function to be less glitchy).

- RSnake
Gotta love it. http://ha.ckers.org

Re: DFF Scanner
Posted by: trev
Date: May 09, 2007 11:39AM

You are looking for the verbatim string "404 Not Found"; its absence doesn't mean that the page was found, however. E.g. I know at least one page that will give you "404 OK" (really :), lots of pages respond with a redirect, and some give you a custom error page with a regular "200 OK" status. It should be more useful to request a page that doesn't exist for sure and compare the response to a page that exists (the site root should do). Then you will either see that the status codes are different or, if they aren't, maybe you can find a characteristic string that identifies a 404 page (probably with a few more requests).

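The comparison trev describes, as an added example that is not part of the original thread or of DFF Scanner: a response is judged against the response for a path known not to exist, first by status and then by content. The function names, the 90% threshold and the sample responses are assumptions constructed for illustration; the code classifies already-captured responses and makes no requests itself.

```php
<?php
// Added example: soft-404 classification over already-captured responses.
// Each response is ['status' => int, 'body' => string, 'location' => string|null].
// Function names, threshold and sample data are constructed for illustration.

function normalize(array $resp, string $path): string {
    // Error pages and redirects often echo the requested path; mask it so two
    // "not found" answers for different paths compare as equal.
    $text = ($resp['location'] ?? '') . "\n" . strip_tags($resp['body']);
    $text = str_ireplace($path, '{PATH}', $text);
    // similar_text() is slow on long input, so compare only a bounded prefix.
    return substr(trim(preg_replace('/\s+/', ' ', $text)), 0, 2000);
}

function classify(array $probe, string $probePath, array $miss, string $missPath,
                  float $threshold = 90.0): string {
    if ($probe['status'] === $miss['status']) {
        // Same status as a known miss: the status tells us nothing, compare content.
        $a = normalize($probe, $probePath);
        $b = normalize($miss, $missPath);
        similar_text($a, $b, $pct);
        // similar_text() reports 0% for two empty strings, so test equality first.
        if ($a === $b || $pct >= $threshold) return 'not_found';
    }
    $s = $probe['status'];
    if ($s === 404 || $s === 410) return 'not_found';
    if ($s >= 300 && $s < 400)    return 'redirect';
    if ($s === 401 || $s === 403) return 'restricted';
    if ($s >= 200 && $s < 300)    return 'exists';
    return 'inconclusive';
}

// Constructed sample: a site that answers every unknown path with "200 OK".
$missPath = '/zz9f3k1q';   // random path assumed not to exist
$miss = ['status' => 200, 'location' => null,
         'body' => '<h1>Oops</h1><p>Nothing at /zz9f3k1q here.</p>'];
$probes = [
    '/backup' => ['status' => 200, 'location' => null,
                  'body' => '<h1>Oops</h1><p>Nothing at /backup here.</p>'],
    '/admin'  => ['status' => 200, 'location' => null,
                  'body' => '<h1>Admin login</h1><form>...</form>'],
    '/old'    => ['status' => 302, 'location' => '/new/', 'body' => ''],
];
foreach ($probes as $path => $resp) {
    echo $path, ' => ', classify($resp, $path, $miss, $missPath), "\n";
}
```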
Re: DFF Scanner
Posted by: Anonymous User
Date: May 09, 2007 09:38PM

Looks a little like my sn00per script, ever seen it? It also searches for files and folders, where I check the status header to see if it exists or not by checking the cURL http_code, which can be: 404/403/200

see script: http://0x000000.com/sn00per.phps

Re: DFF Scanner
Posted by: Ivan
Date: May 10, 2007 09:13AM

Hello,

@rsnake
I was thinking of writing this in Perl (because of performance), but I am not such a good Perl programmer; maybe a C# or C version in the future ... for now it is essential to find, code, and implement all the necessary functions.

@trev
Good thinking; what you are talking about is on my "to do" list.

@Ronald
I saw it after posting my script and found some good ideas there.


In the next few days I will post a new version with more features ( thanks @Ronald for some ideas ;) ) ... there is more to do, but I am moving forward.

Regards,
Ivan

http://www.security-net.biz/

Re: DFF Scanner
Posted by: Anonymous User
Date: May 11, 2007 03:39AM

I like the way you wrote it; mine was just a quick, dirty hack because I needed it. Still, reading out the http_code that is returned was pretty efficient, because I noticed that some headers are constructed differently. And as trev said, I didn't find a way to detect a forward yet; in my script the forwards give an http_code of 200. But you notice that quickly when it lists all files found.

Anyway, I like your class approach. :)

Re: DFF Scanner
Posted by: Ivan
Date: May 12, 2007 02:05PM

Ok, here is a new version ...

It is two classes now: first, a main class with the folder scan and main functions, and second, a class extended from the main class that is a plugin for file scanning.

There are new features like more cURL settings, more default names, file scanning, dictionary file use, a check that the host exists, a better recognizer of custom 404 pages, etc ...

Download >> DFF Scanner v 1.1

Please, test it. Thx.

Regards,
Ivan

http://www.security-net.biz/



Edited 2 time(s). Last edit at 05/12/2007 02:07PM by Ivan.

Re: DFF Scanner
Date: May 12, 2007 06:51PM

if(ereg("(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)", $urlz[2])) {

I'm guessing this is your IP validation; the same can be achieved using http://www.php.net/ip2long, which would be much faster.

You also use stristr() to check for instances of a string; the same can be done using strpos(), also much faster.

You also use md5(); using hash('MD5', $variable) is also much faster.

That should speed up the scanning =o), Excellent class thus far, keep up the great work!

Re: DFF Scanner
Posted by: Ivan
Date: May 13, 2007 05:03AM

The IP check is updated with the ip2long() function and stristr is updated with stripos.
I have some problems with the hash function and because of that I still use md5(), but the logic is better optimised (fewer calls to this function).

The URL is the same: http://security-net.biz/files/dff/DFF.zip

CrYpTiC_MauleR, thanks for the useful tips ;)


Regards,
Ivan

http://www.security-net.biz/
