漏洞扫描php实现代码

#!/usr/bin/php -q #!/usr/bin/php -q

/**
*     Php Vulnerability Scanner by KingOfSka @ http://www.contropoterecrew.org
*    still very early release, just for testing and coding purpose :)
*   
*    Changelog:
*   
*    12/09/06    Version 0.1 : First "working" version, should work on "almost" site, report any bug to help me :)
*    25/09/06        0.2 : Better crawling, less bandwith/resource usage, speed improved, better vuln finding code
*
**/

print_r(
-------------------------------------------------------------------------------
Php Vulnerability Scanner by KingOfska @ http://contropotere.netsons.org
    kingofska [at] gmail [dot] com
-------------------------------------------------------------------------------
);

if ($argc print_r(
Early release, please send bug report to help improving this script
--------------------------------------------------------------------------------
Usage: .$argv[0]. host [start_path][port][debug]
host:      target server (ip/hostname)
path:      path from which to start scanning, if none entered starts from /
port:       port of the http server, default 80

Examples:
.$argv[0]. localhost /folder/script.php 81

--------------------------------------------------------------------------------
);
die;
}
$host= $argv[1]; // Insert the host site i.e. : www.website.com
$start_page = $argv[2];     // Insert the start page for the scan, if empty will start from index.*
$port = 80 ;
$additional_vars = array(id,page);
$locator = array("123",\;!--"=&{()},some_inexisistent_file_to_include.php); //XSS Locator from ha.ckers.org

$debug = TRUE;
/**    Compatibility for php *    stripos() function made by rchillet at hotmail dot com
*
*/
if (!function_exists("stripos")) {
function stripos($str,$needle,$offset=0)
{
     return strpos(strtolower($str),strtolower($needle),$offset);
}
}
/**
*    Do not edit below unless you know what you do...
*/
$reqmade = 0 ;
$time_start = getmicrotime();
set_time_limit(0);
error_reporting(E_ERROR);
$checkedpages[]=;
$result[] = ;
$links[] = ;
$checkedlinks[] = ;
echo "Starting scan on $host: Starting page: $start_page ";
$site_links = index_site();
$count = count($site_links);
echo "Starting to scan $count pages... ";

foreach($site_links as $cur){

echo "Testing: $cur ";
test_page($cur);

}

$time_end = getmicrotime();
$result[time] = substr($time_end - $time_start,0,4);
$result[connections] = $reqmade;
$result[scanned] = count($checkedpages);

echo "Report:";

foreach ($result[vuln] as $type=> $url){
echo " $type vulnerability found: ";
$url = array_unique($url);
foreach($url as $cur){
echo "$cur ";
}
}
$server = get_server_info();
echo " Additional infos: ";
echo "Site running on: ".$server[software]." ";
echo "Powered by: ".$server[powered]." ";
echo "Scan took ".$result[time]." seconds to scan ".$result[scanned]." pages using ".$result[connections]." connections ";

function index_site(){
global $start_page;
array($links);
$tmp = get_links($start_page,true);
    foreach($tmp as $cur){
    $tmp2 = get_links($cur,true);
    $links = array_merge_recursive($links,$tmp2);
    }
$links = array_unique(clean_array($links));
$links[] = $start_page;
sort($links);
return($links);
}

/**
* Testes a form using global vuln locator, both GET and POST method, and print result to screen
* @author KingOfSka
* @param array $form Form to test
* @return void
*/

function test_form($form){
$ret = ;
$tmp = ;
global $host,$port,$locator,$debug,$result ;
if($form[action][0] != / AND stripos($form[action],http://) === FALSE ){$form[action] = /.$form[action];}
if ($form[method] = get){
foreach($form[vars] as $current){
        foreach($locator as $testing){
        $testing = urlencode($testing);
        $conn = fsockopen ("$host", $port, $errno, $errstr, 30);
            if (!$conn) {
                echo "$errstr ($errno)
";
            } else {
                if (!stripos(?,$data[action])){
                $req = "GET ".$form[action]."?$current=$testing HTTP/1.0 Host: $host Connection: Close ";
                }else{
                $req= "GET ".$form[action]."&$current=$testing HTTP/1.0 Host: $host Connection: Close ";
                }
                if ($debug == TRUE){echo $req;}
                fputs ($conn, $req);
                while (!feof($conn)) {
                $tmp .= fgets ($conn,128);
               
                }
            fclose ($conn);
               
                do_test($tmp,$form[action],$current);
               
                $tmp = ;
            }
        }
    }

}else if ($form[method] = post){

foreach($form[vars] as $current){
        foreach($locator as $testing){
        $testing = urlencode($testing);
        $conn = fsockopen ("$host", $port, $errno, $errstr, 30);
       &nbs