URL Vulnerability scanner v3 pentest edition [free + open source]

Tricks Duniya -ONLINE SHOPPING GUIDE, MOBILE TRICKS, ANDROID TRICKS, HACKING > RULEBRAKER ZONE > Ethical Hacking > tools > URL Vulnerability scanner v3 pentest edition [free + open source] >

Replies: 0 views: 465

Thread Rating:

0 Vote(s) - 0 Average
1
2
3
4
5

URL Vulnerability scanner v3 pentest edition [free + open source]

Threaded Mode | Linear Mode

Facebook Share

12-06-2014, 01:55 PM,

Offline

admin

Administrator

Joined: Nov 2014

Mesajlar : 609

Konular:

Rep Puanı: 7

Points: 0₹
Points: 0₹

URL Vulnerability scanner v3 pentest edition [free + open source]

URL Vulnerability scanner v3 pentest edition [free + open source]

[Image: vurl_scanner_pentest_3_0_screen.jpg]

Video tut:

I made a URL scanner a while back, which seemed popular, I had some great feedback and support so this is v3 which I've made, and did many updates (for the better) based on my experience and other peoples feedback.

Description:

This tool will check a user defined website for potentially exploitable/ vulnerable URL's by comparing them against the URL extensions in the database, for instance if your target is http://google.com and in the database you have /wp-login.php it would then check if: http://google.com/wp-login.php is available on that site by checking the response. It's a form of of scanning to help you exploit and find weaknesses within the web server. The first time you run the tool it will create a database "restuls.txt" for you, and add a few URL parameters to get you started. But you can add to or change the database as much as you wish and therefore, it's as powerful as you'd like it to be. It gives you realtime feedback and the option to save all the successful results. You'll also be happy to know it's open source, and I've also included a win32 compiled version (requires .NET 3.5+).

DOWNLOAD

And for anyone who wants to view the source, here it is:

Code:

Code:
/*

URL checker v3.0 pentest edition, coded by Dreamwalker mailto:dreamwalk1986@gmail.com

/*  */ http://Dream-walker.weebly.com 

*/

#include<windows.h>

#include<iostream>

#include<fstream>

#include<string>

#include<wininet.h>

#include <limits>

using namespace std;

#pragma comment (lib, "wininet.lib")

//Simple function to return a bool value to check whether URL is valid

bool ValidURL(string url)

   {

   bool result = false;

   HINTERNET hSession = InternetOpen("ValidURL", INTERNET_OPEN_TYPE_PRECONFIG, 0, 0, 0);

   if (hSession != 0)

      {

      HINTERNET hFile = InternetOpenUrl(hSession, url.c_str(), 0, 0, INTERNET_FLAG_RELOAD, 0);

      if (hFile != 0)

         {

         int code = 0;

         DWORD codeLen = sizeof(int);

         HttpQueryInfo(hFile, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &code, &codeLen, 0);

         result = code == HTTP_STATUS_OK || code == HTTP_STATUS_REDIRECT;

         InternetCloseHandle(hFile);

         }

      InternetCloseHandle(hSession);

      }

   return(result);

   }

int main()

{

//Just intro

SetConsoleTitle("Vulnerable URL checker 3.0 pentest edition by Dreamwalker");

SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), 7);

    cout<<"----------------------------------------------------------------------------"<<endl;

    cout<<"\tVulnerable URL checker v3.0 pentest edition coded by Dreamwalker"<<endl;

    cout<<"\t\t\thttp://Dream-Walker.weebly.com/"<<endl;

    cout<<"----------------------------------------------------------------------------"<<endl;

    /*

    This tool relies on the urls.txt file which is where is gets all the urls

    from, essentially working like a database. Here we check if urls.txt exists.

    If so, we continue to the scanning section, if not we create a new file and

    add some basic URL extensions to it. 

    */

      cout<<"Checking database...";

      ifstream reader("urls.txt",std::ios::in);

      if(!reader.good())

      {

          cout<<"Database not found, writing a new one...";

          ofstream writer("urls.txt",ios::app);

          //write some basic url extensions to our new database

          string defaulturls[20] = {"/robots.txt","/wp-login.php","/login/","/login.php","/admin.asp","/adm/",

          "/admin/","/admin.php","/admin/home.php","/admin/cp.asp","/_vti_pvt/","/_vti_pvt/service.pwd","/_vti_inf.html","/cgi-bin/",

          "/~root","/cache/","/sitemap.xml","/index.php?catid=","/index.php?id=","/login.shtml"};

          for(int i = 0; i < 20; i++)

          writer<<defaulturls[i]<<endl;

          writer.close();

          //wait 20 seconds, and inform user they need to restart so db can be loaded into mem correctly, then exit

          cout<<"DONE\nA new database \"urls.txt\" has now been created, please restart this tool"<<endl;

          cout<<"I will automatically close in 20 seconds..."<<endl;

          Sleep(20000);

          reader.close();

          return 0;

      }

      if(!reader)

      {

          cout<<"\nError reading database, ensure urls.txt is in\n"

              "the same directory as this application, if you do\n"

              "and it still isn't working, try running this program\n"

              "as Administrator as it could be an access error\n\nclosing..."<<endl;

          Sleep(20000);

          return-1;

      }cout<<"DONE!"<<endl;

      //-------------File handling all sorted---------------//

      //!TODO: the file_url array param needs updating to the MAX allowed

      string original_input_url, file_url[20000], full_url, successes;

      cout<<"Enter full URL (ignore last forward slash, for instance http://google.com):\n>";

      cin>>original_input_url;

      //PERFORM INITIAL CHECK TO SEE IF URL IS VALID

      cout<<"Performing check to see if website is valid"<<endl;

     if(ValidURL(original_input_url) == false)

     {

      cout<<"Invalid URL, closing..."<<endl;

      Sleep(10000);

      return 0;

     }

     else cout<<"That worked, now scanning files/directories..."<<endl;

     cout<<"\n##############################################################"<<endl;

    //NOW SCAN FILES/DIRECTORIES

     int i = 0;

     while (!reader.eof())

     {

      i++;

      getline(reader,file_url[i]);

      full_url = original_input_url;

      full_url += file_url[i];

      if(ValidURL(full_url) == false)

      {

          SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),12);

          cout<<full_url<<" FAILED"<<endl;           

      }

      else

      {

          SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),10);

          cout<<full_url<<" SUCCESS!"<<endl;  

          successes+=full_url+"\n";//store results for later saving

      }

      //temp: if url's are > 20000, then abort due to array bounds

      if(i >= 20000)

      {

          cout<<"Maximum URL's allowed reached, aborting..."<<endl;

          break;

      }

     }

      SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), 7);      

      cout<<"\n##############################################################\nFinished,

 do you want me to save the sucessful results? y/n:"<<endl;

      string answer;

      cin>>answer;

      //

      if((answer == "y") || (answer == "Y"))

      {

         ofstream writer2("results.txt");

         if(!writer2)

         {

             cout<<"Error writing file!"<<endl;

             return -1;

         }

         writer2<<successes<<endl;

         writer2.close();

         cout<<"OK, your results are saved in \"results.txt\""<<endl;

      }

      cout<<"Closing..."<<endl;

      //sleep for a bit

      reader.close();

      Sleep(6000);

return 0;

}

Possibly Related Threads…
Ub3rs DoS - Free Dos Tool / 1GB/S

admin signature Heart

TricksDuniya.com Heart

keep Visiting TricksDuniya
Don't Forgot to Register Yourself!

12-06-2014, 01:55 PM

« Next Oldest | Next Newest »

Users browsing this thread: 1 Guest(s)

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Ub3rs DoS - Free Dos Tool / 1GB/S	admin	0	460	12-06-2014, 01:52 PM Last Post: admin
	Post: #1 File Creator (make any file any size) free / open source [Image: 2j5cuvd.j	admin	0	426	12-06-2014, 01:50 PM Last Post: admin

Forum Jump: