WPScan v.1.1 WordPress Security vulnerability scanner

03.56 Posted by Bocah Bego

"WPScan" adalah scanner yang memeriksa keamanan instalasi Wordpress dengan menggunakan pendekatan kotak hitam, ditulis dalam Ruby.
 
Rincian Wp-Scan adalah Sebagai Berikut :

Nama Pengguna pencacahan (dari QueryString penulis dan header lokasi)
Password yang lemah retak (multithreaded) 
Versi pencacahan (dari meta tag generator dan dari file sisi client)
Kerentanan pencacahan (berdasarkan versi)
Plugin pencacahan (2220 terpopuler secara default) 
Plugin kerentanan pencacahan (berdasarkan nama plugin)
Plugin pencacahan daftar generasi 
Lain misc Wordpress cek (nama tema, daftar dir, ...)

Changelog untuk WPScan v.1.1:

Deteksi untuk 750 plugin lagi.
Deteksi untuk 107 kerentanan plugin baru.
Deteksi untuk 447 lokasi file-file mungkin timthumb.
Fingerprinting versi lanjutan dilaksanakan.
Jalur Kendali Pengungkapan (FPD) cek.
Auto update.
Kemajuan indikator.
Peningkatan memeriksa 404 kustom.
Peningkatan Plugin deteksi.
Peningkatan pemeriksaan error_log.
Banyak bug diperbaiki. Banyak tweak kecil.

Hash Generator

02.34 Posted by Bocah Bego

<?php

$p = empty($_POST['p']) ? null : $_POST['p'];
?>
<html>
<head><title>Hash testing</title></head>
<style type="text/css">
    table {border-collapse: collapse;}
    table, td, th {border: solid 1px #ccc;}
    th {background: #e1e1e1;border-color: #999;}
    td, th {padding: 0.25em;}
    td.algo {font-weight: bold;}
    tr.on td {background: #f0f0f0;}
</style>
<body>
    <h1>String hashing</h1>
    <form method="post" action="<?php echo basename(__FILE__) ?>">
        <p><label for="p">Enter a string to hash:</label><br /><input id="p" type="text" name="p" value="<?php echo $p ?>" /></p>
        <p><input type="submit" name="submit" value="Hash It" /></p>
    </form>
 
  
    <?php if ($p): ?>
    <hr />
    <h2>Table of hash values for <em><?php echo $p ?></em> based on algorithm</h2>
    <table>
        <tr>
            <th>Algorithm</th>
            <th>Hashed value of <em><?php echo $p ?></em></th>
        </tr>
      
        <?php $on = false; foreach (hash_algos() as $algo): ?>
        <tr<?php if ($on): ?> class="on"<?php endif; ?>>
            <td class="algo"><?php echo $algo ?></td>
            <td class="hash"><?php echo hash($algo, $p) ?></td>
        </tr>
    <?php $on = !$on; endforeach; ?>
    </table>
    <?php endif; ?>
</body>
</html>

Uploads Ke Hosting kalian Save dengan save.php

PhpMyadmin Finder ( perl )

02.26 Posted by Bocah Bego

Phpmyadmin.pl:
#!/usr/bin/perl
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
#
# ////////////////////////////////////
# Yakamoz PHPmyadmin Finder v.x.x
# ////////////////////////////////////
#
# Title : PHPmyadmin Finder
# Author: !-Bb0yH4cK3r_Dz-!
# From : Azarbycan
# Category : Remote
# Emails : !-Bb0yH4cK3r_Dz-!@Yahoo.com , !-Bb0yH4cK3r_Dz-!@Hotmail.com , !-Bb0yH4cK3r_Dz-!@Gmail.com
#
#*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

use HTTP::Request;
use LWP::UserAgent;


system ("cls");
system ("title !-Bb0yH4cK3r_Dz-! (Yakamoz)...");
print "\t\t/////////////////////////////////////////////////\n";
print "\t\t_________________________________________________\n";
print "\t\t\t PHPmyadmin Finder v.x.x\n";
print "\t\t\t Coded By !-Bb0yH4cK3r_Dz-!\n";
print "\t\t\t Made In Azarbycan\n";
print "\t\t\t Version In English\n";
print "\t\t_________________________________________________\n";
print "\n\n";
sleep (1);
print "\n\n";
print "\t HOST=> (ex: http://www.site.com)\n";
print "\t HOST=> :";
$host=;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };

print "\n\n";
print "\t\t*-*-*-*-*-* Scanning *-*-*-*-*-*\n";
print "\n\n";
@p = ("/phpMyAdmin/",
"/phpmyadmin/",
"/PMA/",
"/admin/",
"/dbadmin/",
"/mysql/",
"/myadmin/",
"/phpmyadmin2/",
"/phpMyAdmin2/",
"/phpMyAdmin-2/",
"/php-my-admin/",
"/phpMyAdmin-2.2.3/",
"/phpMyAdmin-2.2.6/",
"/phpMyAdmin-2.5.1/",
"/phpMyAdmin-2.5.4/",
"/phpMyAdmin-2.5.5-rc1/",
"/phpMyAdmin-2.5.5-rc2/",
"/phpMyAdmin-2.5.5/",
"/phpMyAdmin-2.5.5-pl1/",
"/phpMyAdmin-2.5.6-rc1/",
"/phpMyAdmin-2.5.6-rc2/",
"/phpMyAdmin-2.5.6/",
"/phpMyAdmin-2.5.7/",
"/phpMyAdmin-2.5.7-pl1/",
"/phpMyAdmin-2.6.0-alpha/",
"/phpMyAdmin-2.6.0-alpha2/",
"/phpMyAdmin-2.6.0-beta1/",
"/phpMyAdmin-2.6.0-beta2/",
"/phpMyAdmin-2.6.0-rc1/",
"/phpMyAdmin-2.6.0-rc2/",
"/phpMyAdmin-2.6.0-rc3/",
"/phpMyAdmin-2.6.0/",
"/phpMyAdmin-2.6.0-pl1/",
"/phpMyAdmin-2.6.0-pl2/",
"/phpMyAdmin-2.6.0-pl3/",
"/phpMyAdmin-2.6.1-rc1/",
"/phpMyAdmin-2.6.1-rc2/",
"/phpMyAdmin-2.6.1/",
"/phpMyAdmin-2.6.1-pl1/",
"/phpMyAdmin-2.6.1-pl2/",
"/phpMyAdmin-2.6.1-pl3/",
"/phpMyAdmin-2.6.2-rc1/",
"/phpMyAdmin-2.6.2-beta1/",
"/phpMyAdmin-2.6.2-rc1/",
"/phpMyAdmin-2.6.2/",
"/phpMyAdmin-2.6.2-pl1/",
"/phpMyAdmin-2.6.3/",
"/phpMyAdmin-2.6.3-rc1/",
"/phpMyAdmin-2.6.3/",
"/phpMyAdmin-2.6.3-pl1/",
"/phpMyAdmin-2.6.4-rc1/",
"/phpMyAdmin-2.6.4-pl1/",
"/phpMyAdmin-2.6.4-pl2/",
"/phpMyAdmin-2.6.4-pl3/",
"/phpMyAdmin-2.6.4-pl4/",
"/phpMyAdmin-2.6.4/",
"/phpMyAdmin-2.7.0-beta1/",
"/phpMyAdmin-2.7.0-rc1/",
"/phpMyAdmin-2.7.0-pl1/",
"/phpMyAdmin-2.7.0-pl2/",
"/phpMyAdmin-2.7.0/",
"/phpMyAdmin-2.8.0-beta1/",
"/phpMyAdmin-2.8.0-rc1/",
"/phpMyAdmin-2.8.0-rc2/",
"/phpMyAdmin-2.8.0/",
"/phpMyAdmin-2.8.0.1/",
"/phpMyAdmin-2.8.0.2/",
"/phpMyAdmin-2.8.0.3/",
"/phpMyAdmin-2.8.0.4/",
"/phpMyAdmin-2.8.1-rc1/",
"/phpMyAdmin-2.8.1/",
"/phpMyAdmin-2.8.2/",
"/sqlmanager/",
"/mysqlmanager/",
"/p/m/a/",
"/PMA2005/",
"/pma2005/",
"/phpmanager/",
"/php-myadmin/",
"/phpmy-admin/",
"/webadmin/",
"/sqlweb/",
"/websql/",
"/webdb/",
"/mysqladmin/",
"/mysql-admin/");


foreach $myadmin(@p){

$url = $host.$myadmin;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);
if ($response->is_success){print "Found : $url\n";}
if ($response->content=~ /Access Denied/){print "Found : $url =>[Error & Access Denied]\n";}
else {print "NotFound : $myadmin\n";}



}



Langganan: Postingan (Atom)