Posts posted by flyingpoptartcat
-
Good processes to follow: http://www.fieldsassociates.co.uk/media/images/diagram_steps.gif
-
is nikto pronounced -> nick - toe
or -> nick - too
or -> neek - too
or -> neek - toe
i personally say nick - toe
-
very funny. but not very accurate. but they do a good job with the background decor with O'Reilly and EFF stickers and such
-
this makes me angry when i see governments trying to control something that was meant to be free (not $)
-
remember to check for updates
-
I started a project on google code. I'd love your feedback! Contribute if you wish.
http://code.google.com/p/web-sorrow/
A perl based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. I will build more functionality in the future. What it's NOT: vulnerability scanner, inspection proxy, DDoS tool, exploitation framework. It's entirely focused on enumeration and collecting info on the target server
CURRENT functionality:
-S - stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, 200 response testing (some servers send a 200 ok for every req), and thumbs.db scanning
-auth - looks for login pages with a list of some of the most common login files and dirs and admin consoles. It doesn't need to be a very big list of URLs because what else are you going to name it? notAlogin.php???
-Cp - scan with a huge list of plugins dirs. the list is a bit old (Drupal and wordpress plugins databases are now current but sorry joomla's still a bit old)
-I - searches the responses for interesting strings
-Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info
-Fd - looks for things people generally don't want you to see. The list is generated from a TON of robots.txt files, so whatever it finds should be interesting.
-ninja - A light weight and undetectable scan that uses bits and pieces from other scans
-R - use http range headers to make scans faster
-Shadow - Use Google cache instead of requesting from the target host
-Sd - Bruteforce Sub Domains
-Db - Bruteforce Directories with the big dirbuster Database
-ua - use a custom UserAgent. PUT UA IN QUOTES if there are spaces
-proxy - send all http reqs via a proxy. example: 255.255.255.254:8080
-e - run all the scans in the tool
web-sorrow also has false positives checking on most of its requests (it's pretty accurate but not perfect)
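The "200 response testing" item above is the piece that keeps a path-probing scan (the -auth or -Db style lists) from reporting every guessed path as present on a server that answers 200 for anything, and it is also how an administrator can check whether their own server behaves that way. The following is an added example written for this page, not web-sorrow's own code: it uses LWP::UserAgent with a request_send handler so that two constructed fake servers (one that returns 404 for missing paths, one that returns 200 for everything) can be exercised offline. The host name example.test, the probe path /admin/, the fake page bodies and the 256-byte size threshold are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Response;

# Build a UA whose every request is answered by $responder (a code ref that
# gets the request path and returns an HTTP::Response), so this runs offline.
# Drop the handler to check a server you administer.
sub make_ua {
    my ($responder) = @_;
    my $ua = LWP::UserAgent->new(timeout => 5);
    $ua->add_handler(request_send => sub {
        my ($request) = @_;
        return $responder->($request->uri->path);
    });
    return $ua;
}

# A path that cannot exist; random so a fixed-name "404 page" cannot be
# special-cased by the server.
sub bogus_path {
    return sprintf "/%08x-does-not-exist", int(rand(0xffffffff));
}

# 1 if a nonexistent path also gets 200: status codes alone then mean nothing.
sub answers_200_for_anything {
    my ($ua, $base) = @_;
    return $ua->get($base . bogus_path())->code == 200 ? 1 : 0;
}

# Report a probed path only when its 200 is distinguishable from the
# server's catch-all page, either by status or by a clear size difference.
sub path_looks_real {
    my ($ua, $base, $path) = @_;
    my $probe = $ua->get($base . $path);
    return 0 unless $probe->code == 200;
    return 1 unless answers_200_for_anything($ua, $base);
    my $catch = $ua->get($base . bogus_path());
    my $diff = abs(length($probe->decoded_content // '')
                 - length($catch->decoded_content // ''));
    return $diff > 256 ? 1 : 0;   # assumed threshold
}

# Constructed fake servers standing in for real hosts.
my $well_behaved = sub {
    my ($path) = @_;
    return HTTP::Response->new(200, 'OK', ['Content-Type' => 'text/html'],
                               '<form action="/admin/login">' . ('x' x 400) . '</form>')
        if $path eq '/admin/';
    return HTTP::Response->new(404, 'Not Found', [], 'nope');
};
my $catch_all = sub {
    return HTTP::Response->new(200, 'OK', ['Content-Type' => 'text/html'],
                               '<h1>Welcome</h1>' x 20);
};

for my $case (['well-behaved', $well_behaved], ['catch-all', $catch_all]) {
    my ($name, $server) = @$case;
    my $ua = make_ua($server);
    printf "%-12s /admin/ -> %s\n", $name,
        path_looks_real($ua, 'http://example.test', '/admin/')
            ? 'report' : 'suppress (200 for everything)';
}
```

Against the well-behaved fake the /admin/ hit is reported because the random path gets a 404; against the catch-all fake both requests come back 200 with the same body size, so the hit is suppressed. Comparing body sizes rather than only status codes is what catches servers that answer 200 with a generic page for every path.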
-
i think there's a hak5 segment just answering your question, you should look around
-
I know how to use backtrack pretty good. I'm just looking for a way to do it without waiting 2h for it to download and then install a VM... and both first guy
-
no matter how hard i look there is not one good tool for getting a remote router hash without the presence of backtrack! i know wireshark but don't know how to extract the password hash. any tips would help. pls don't post anything about aircrack-ng, i just want the hash. (win32 if you're wondering)
-
Spotify can take up a frack ton of space so this happened:
@echo off
C:\sdelete -p 1 -r %userprofile%\AppData\Local\Spotify\Storage\*.file
save this to a .bat or .cmd
you can change the dir of sdelete and the passes have fun!
-
why don't you ask them? http://anonnet.org/webirc/
-
nmap -sP 0.0.0.0/0
:)
or you could just do that... :'(
-
Nice to see another person learning to use Perl, it is a great language. Try the Net::IP module for perl. It will let you replace your 4 loops with just one, and also give you the option of doing IPv6 as well as IPv4.
Also consider using the Getopt::Long module for adding in switches and parameters as it will add very little code to your script but make it very versatile.
Oh, to get the white-space to show in the code in your posts put it in code tags (pressing the <> button on the editor will give you a pair of code tags to paste your code between)
ok. thanks. I'll try those
-
Well, if you are going to implement a ping, might as well use some other code to do an arp, if it's a local network, as a ping might be ignored, but they will still reply to an arp. They have to reply to arp since it's the basics of networking, but there are various types of arp which a device might not reply to, depending on the OS and software/hardware in use. I used to use a bat script in windows to do this, to find other machines on the local network, for ones that didn't reply to a ping, but will give up the ghost via an arp reply after the ping. ;)
That's a good idea. I'll post some new code later to add that feature
but i can't install any arp packages
-
Nice script very straight forward and concise.
Thank you
-
make more pretty in $i1 for loop:
# $Ping is the Net::Ping object and is always true; the test has to be the
# ping result itself, and the inner comparison needs == (a single = assigns
# 255 to $i1 and is always true)
if ($Ping->ping($IpAddr)) {
    print "$IpAddr up\n";
} else {
    if ($i1 == 255) {
        print "status: $IpAddr\n";
    }
}
-
this one might be faster:
#!/usr/bin/perl
use IO::Socket;
for ($i4 = 1; $i4 < 256; $i4++) {
    for ($i3 = 1; $i3 < 256; $i3++) {
        for ($i2 = 1; $i2 < 256; $i2++) {
            for ($i1 = 1; $i1 < 256; $i1++) {
                $IpAddr = $i4 . "." . $i3 . "." . $i2 . "." . $i1;
                # Timeout is required: without it every unreachable host blocks
                # for the OS connect timeout (often over a minute) instead of 1s
                my $sock = IO::Socket::INET->new(
                    PeerAddr => $IpAddr,
                    PeerPort => '80',
                    Proto    => 'tcp',
                    Timeout  => 1,
                );
                if ($sock) {
                    print "$IpAddr up\n";
                    close $sock;
                } else {
                    print "$IpAddr checked\n";
                }
            }
        }
    }
}
-
I am guessing this was just an academic, getting a handle on scripting type of exercise, right? :P
ya, it ain't very practical.
-
didn't let me use all the white space
-
hey guys, i wrote this perl script that tries pinging every possible IP address (IPv4). I'd love to see this grow and be optimized with new features
use, edit, and share the code as you wish:
version3
#!/usr/bin/perl
# written by flyingpoptartcat
# perl ipbf.pl [-S ipaddr] [-sn ipaddr] [-p Proto]
#
# usage:
#  -S  - IP address to start at
#  -sn - scan just the subnet; give its first address, example 1.23.10.1 (scans 1.23.10.1-255)
#  -p  - Protocol of ping
use Net::Ping;
use Net::IP;
use Getopt::Long;

my $StartIP = "1.0.0.1";
my $Subnet  = "f";
my $Proto   = "icmp";

GetOptions(
    'S=s'  => \$StartIP,
    'sn=s' => \$Subnet,
    'p=s'  => \$Proto,
);

# a timeout of 0 is either rejected or silently replaced by the default,
# depending on the Net::Ping version, so give an explicit 1 second; 30 is the payload size
my $Ping = Net::Ping->new("$Proto", 1, 30);

print "ip brute forcer v3...\n";

# string comparison: != would turn both sides into the number 0 and never match
if ($Subnet ne 'f') {
    &subnet();
} else {
    &regular();
}

sub regular {
    print "Protocol - $Proto\nStart IP - $StartIP\n";
    my $ip = Net::IP->new("$StartIP - 255.255.255.255") or die Net::IP::Error();
    # Net::IP overloads ++ and returns false once the range is exhausted, which
    # replaces the "< 255.255.255.256" string comparison that never terminated correctly
    do {
        print $ip->ip() . " up\n" if $Ping->ping($ip->ip());
    } while (++$ip);
}

sub subnet {
    print "Protocol - $Proto\nsubnet of $Subnet\n";
    my $ip = Net::IP->new("$Subnet - 255.255.255.255") or die Net::IP::Error();
    for (my $i = 1; $i < 256; $i++) {
        print $ip->ip() . " up\n" if $Ping->ping($ip->ip());
        $ip++;
    }
}
version 2
#!/usr/bin/perl
use Net::Ping;
use Net::IP;
use Getopt::Long;

print "ip brute forcer v2...\n";

$StartIP = "1.0.0.1";
GetOptions(
    'S=s' => \$StartIP,
) or die q{
usage:
 -S - IP address to start at
};

# a timeout of 0 is either rejected or replaced by the default depending on the
# Net::Ping version, so use an explicit 1 second; 30 is the payload size
my $Ping = Net::Ping->new("icmp", 1, 30);
my $ip = Net::IP->new("$StartIP - 255.255.255.255") or die Net::IP::Error();

# Net::IP's ++ returns false once the range is exhausted
do {
    print $ip->ip() . " up\n" if $Ping->ping($ip->ip());
} while (++$ip);
version 1
#!/usr/bin/perl
use Net::Ping;

# a timeout of 0 is either rejected or replaced by the default depending on the
# Net::Ping version, so use an explicit 1 second; 18 is the payload size
$Ping = Net::Ping->new("icmp", 1, 18);
print "ip brute forcer...\n";
for ($i4 = 1; $i4 < 256; $i4++) {
    for ($i3 = 1; $i3 < 256; $i3++) {
        for ($i2 = 1; $i2 < 256; $i2++) {
            for ($i1 = 1; $i1 < 256; $i1++) {
                $IpAddr = $i4 . "." . $i3 . "." . $i2 . "." . $i1;
                print "$IpAddr\n" if $Ping->ping($IpAddr);
            }
        }
    }
}
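The arp suggestion in the reply above, and the "can't install any arp packages" problem, can be met with what every OS already ships: after a sweep of the local subnet, the OS ARP cache (`arp -a` on both Windows and Linux) lists every local host that exchanged a frame, whether or not it answered ICMP. Below is an added example for this thread, not flyingpoptartcat's script, that reuses the Net::IP range loop and merges the sweep result with a parsed ARP cache so an administrator inventorying their own LAN also sees the hosts that drop ping. The sample `arp -a` output and the host addresses in it are constructed; the script name arpsweep.pl, the tcp default probe and the 1-second timeout are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::Ping;
use Net::IP;

# Parse `arp -a` text (Windows or Linux layout) into { ip => mac }.
# Incomplete, broadcast and multicast entries are dropped.
sub parse_arp_table {
    my ($text) = @_;
    my %hosts;
    for my $line (split /\r?\n/, $text) {
        # Windows: 192.168.1.10          00-11-22-33-44-55     dynamic
        # Linux:   nas.lan (192.168.1.10) at 00:11:22:33:44:55 [ether] on eth0
        next unless $line =~ /(\d{1,3}(?:\.\d{1,3}){3})\D+?((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})/i;
        my ($ip, $mac) = ($1, lc $2);
        $mac =~ tr/-/:/;
        next if $mac eq 'ff:ff:ff:ff:ff:ff';   # broadcast
        next if $ip =~ /^2(?:2[4-9]|3\d)\./;   # 224-239 are multicast
        $hosts{$ip} = $mac;
    }
    return \%hosts;
}

# Ping every address in a Net::IP range (CIDR or "a - b"). The tcp probe needs
# no root and counts a refused connection as "host up", which is what we want.
sub ping_sweep {
    my ($range_spec, $proto) = @_;
    my $range = Net::IP->new($range_spec) or die Net::IP::Error();
    my $p = Net::Ping->new($proto || 'tcp', 1);   # assumed 1-second timeout
    my %up;
    do {
        my $addr = $range->ip();
        $up{$addr} = 1 if $p->ping($addr);
    } while (++$range);
    $p->close();
    return \%up;
}

# Anything in the ARP cache is physically present even if it never answered
# the ping. Returns [ [ip, mac-or-'?', status], ... ] sorted numerically by IP.
sub merge_results {
    my ($pinged, $arp) = @_;
    my %all = (%$pinged, %$arp);
    my @rows;
    for my $ip (sort { pack('C4', split /\./, $a) cmp pack('C4', split /\./, $b) } keys %all) {
        my $status = $pinged->{$ip}
            ? ($arp->{$ip} ? 'ping+arp' : 'ping only')
            : 'arp only (ignored ping)';
        push @rows, [ $ip, $arp->{$ip} // '?', $status ];
    }
    return \@rows;
}

my ($pinged, $arp_text);
if (@ARGV) {
    # live run on a subnet you administer, e.g. perl arpsweep.pl 192.168.1.0/24
    $pinged   = ping_sweep($ARGV[0]);
    $arp_text = `arp -a`;   # the cache was just populated by the sweep
} else {
    # constructed sample so the script runs offline
    $pinged   = { '192.168.1.1' => 1 };
    $arp_text = <<'ARP';
Interface: 192.168.1.5 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.10          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
ARP
}

for my $row (@{ merge_results($pinged, parse_arp_table($arp_text)) }) {
    printf "%-15s %-17s %s\n", @$row;
}
```

On the constructed sample, 192.168.1.1 shows as ping+arp and 192.168.1.10 as "arp only (ignored ping)", while the broadcast and multicast rows are dropped. The ARP cache only covers the subnet the machine is directly attached to, so this adds nothing for remote ranges; there the ping or TCP result is all you get.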
Web Sorrow Tool/scanner
in Applications & Coding
Posted · Edited by flyingpoptartcat
I've added some pretty detailed docs on http://code.google.com/p/web-sorrow/