[PHP] Vulnerability Scanner
<?php
set_time_limit(0);
?>
<html>
<head>
<title>Vulnerability Scanner</title>
<style type="text/css">
body
{
color: #ffffff;
text-shadow: 2px 2px #000000;
background-color: #282828;
font-family: Arial, Helvetica, sans-serif;
}
pre
{
background-color: #353535;
border: solid 1px #505050;
}
input
{
font-family: Arial, Helvetica, sans-serif;
}
.Button
{
padding: 5px 10px;
background: #303030;
border: solid #101010 1px;
color: #fff;
cursor: pointer;
font-weight: bold;
border-radius: 5px;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
text-shadow: 1px 1px #000;
}
.Input
{
border: solid #101010 1px;
color: white;
font-weight: bold;
padding: 3px;
background-color: #252525;
}
</style>
</head>
<body>
<div align="center">
<pre>
<b><font size="9"<font style="color:white;text-shadow: 0 0 0.3em red,0 0 0.3em red;">Vulnerability Scanner</font></font></b>
</pre>
<form method="POST" action="">
Enter URL : <input type="text" name="url" value="<?php if(isset($_POST['url'])){echo(htmlentities($_POST['url']));}
else{echo('http://example.com/index.php?id=1');} ?>" size="75" class="Input" />
<input type="submit" name="submit" value="Scan" class="Button" />
</form>
<br />
<?php
//Coded by The Alchemist
//Styled and modified by ande
//Thanks again ande
class Vulnscanner
{
private $sql = array("'",'"');
private $rfi = array("http://www.facebook.com");
private $lfi = array("../etc/passwd",
"../../etc/passwd",
"../../../etc/passwd",
"../../../../etc/passwd",
"../../../../../etc/passwd",
"../../../../../../etc/passwd");
private $xss = array("'\"/><img src=\"http://owned.com\"/>");
private $sqlerrors = array("mysql_", "You have an error in your SQL syntax",
"SQL Error", "Database Error", "supplied argument is not a valid MySQL result resource");
private $rfierrors = array("Welcome to Facebook - Log In, Sign Up or Learn More", "failed to open stream: No such file or directory");
private $lfierrors = array("root:x:0:0:root:", "failed to open stream: No such file or directory");
private $xsserrors = array("<img src=\"http://owned.com\"/>");
public function isvalid($link)
{
if(filter_var($link,FILTER_VALIDATE_URL) && strstr($link,"="))
return true;
return false;
}
private function getcontents($link)
{
$agent= 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL,$link);
$result=@curl_exec($ch);
return $result;
}
private function errorcheck($url,$addtourl,$errorar)
{
foreach($addtourl as $val)
{
$link = $url.$val;
$contents = $this->getcontents($link);
foreach($errorar as $err)
{
if(strstr($contents, $err))
return true;
}
}
return false;
}
public function issqlvulnerable($link)
{
$orig = $link;
if($this->errorcheck($orig,$this->sql,$this->sqlerrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to SQL Injection.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to SQL Injection.<br />";
}
public function isrfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->rfi,$this->rfierrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to RFI.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to RFI.<br />";
}
public function islfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->lfi,$this->lfierrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to LFI.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to LFI.<br />";
}
public function isxssvulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->xss,$this->xsserrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to XSS.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to XSS.<br />";
}
} // END OF CLASS
if(isset($_POST['url']) && isset($_POST['submit']))
{
$obj = new Vulnscanner();
$link = $_POST['url'];
if($obj->isvalid($link))
{
$obj->islfivulnerable($link);
$obj->isxssvulnerable($link);
$obj->issqlvulnerable($link);
$obj->isrfivulnerable($link);
}
else
{
echo "<span style=\"color: red;\">". htmlentities($link) ." is not a valid link.</span>";
}
}
?>
</body>
</html>
set_time_limit(0);
?>
<html>
<head>
<title>Vulnerability Scanner</title>
<style type="text/css">
body
{
color: #ffffff;
text-shadow: 2px 2px #000000;
background-color: #282828;
font-family: Arial, Helvetica, sans-serif;
}
pre
{
background-color: #353535;
border: solid 1px #505050;
}
input
{
font-family: Arial, Helvetica, sans-serif;
}
.Button
{
padding: 5px 10px;
background: #303030;
border: solid #101010 1px;
color: #fff;
cursor: pointer;
font-weight: bold;
border-radius: 5px;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
text-shadow: 1px 1px #000;
}
.Input
{
border: solid #101010 1px;
color: white;
font-weight: bold;
padding: 3px;
background-color: #252525;
}
</style>
</head>
<body>
<div align="center">
<pre>
<b><font size="9"<font style="color:white;text-shadow: 0 0 0.3em red,0 0 0.3em red;">Vulnerability Scanner</font></font></b>
</pre>
<form method="POST" action="">
Enter URL : <input type="text" name="url" value="<?php if(isset($_POST['url'])){echo(htmlentities($_POST['url']));}
else{echo('http://example.com/index.php?id=1');} ?>" size="75" class="Input" />
<input type="submit" name="submit" value="Scan" class="Button" />
</form>
<br />
<?php
//Coded by The Alchemist
//Styled and modified by ande
//Thanks again ande
class Vulnscanner
{
private $sql = array("'",'"');
private $rfi = array("http://www.facebook.com");
private $lfi = array("../etc/passwd",
"../../etc/passwd",
"../../../etc/passwd",
"../../../../etc/passwd",
"../../../../../etc/passwd",
"../../../../../../etc/passwd");
private $xss = array("'\"/><img src=\"http://owned.com\"/>");
private $sqlerrors = array("mysql_", "You have an error in your SQL syntax",
"SQL Error", "Database Error", "supplied argument is not a valid MySQL result resource");
private $rfierrors = array("Welcome to Facebook - Log In, Sign Up or Learn More", "failed to open stream: No such file or directory");
private $lfierrors = array("root:x:0:0:root:", "failed to open stream: No such file or directory");
private $xsserrors = array("<img src=\"http://owned.com\"/>");
public function isvalid($link)
{
if(filter_var($link,FILTER_VALIDATE_URL) && strstr($link,"="))
return true;
return false;
}
private function getcontents($link)
{
$agent= 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_URL,$link);
$result=@curl_exec($ch);
return $result;
}
private function errorcheck($url,$addtourl,$errorar)
{
foreach($addtourl as $val)
{
$link = $url.$val;
$contents = $this->getcontents($link);
foreach($errorar as $err)
{
if(strstr($contents, $err))
return true;
}
}
return false;
}
public function issqlvulnerable($link)
{
$orig = $link;
if($this->errorcheck($orig,$this->sql,$this->sqlerrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to SQL Injection.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to SQL Injection.<br />";
}
public function isrfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->rfi,$this->rfierrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to RFI.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to RFI.<br />";
}
public function islfivulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->lfi,$this->lfierrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to LFI.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to LFI.<br />";
}
public function isxssvulnerable($link)
{
$orig = $link;
$link = substr($link,0,strpos($link,'=')+1);
if($this->errorcheck($link,$this->xss,$this->xsserrors))
echo htmlentities($orig) ." <span style=\"color: red;\">might</span> be vulnerable to XSS.<br />";
else
echo htmlentities($orig) ." is probably <span style=\"color: red;\">NOT</span> vulnerable to XSS.<br />";
}
} // END OF CLASS
if(isset($_POST['url']) && isset($_POST['submit']))
{
$obj = new Vulnscanner();
$link = $_POST['url'];
if($obj->isvalid($link))
{
$obj->islfivulnerable($link);
$obj->isxssvulnerable($link);
$obj->issqlvulnerable($link);
$obj->isrfivulnerable($link);
}
else
{
echo "<span style=\"color: red;\">". htmlentities($link) ." is not a valid link.</span>";
}
}
?>
</body>
</html>
[PHP] Vulnerability Scanner
![]()
Reviewed by Nguyen Nam Hong
on
10:34 AM
Rating:
