function full($site) { print "[-] Start full scanning mode.\n"; pmapwn($site, 1); print "[-] Start SQL Injection Scan\n"; sql($site, 1); print "[-] Start XSS Scan\n"; xss($site, 1); print "[-] Start RFI Scan\n"; rfi($site, 1); print "[-] Start LFI Scan\n"; lfi($site, 1); }
function scan() { print "\n Options:\n"; print " sqli - SQL Injection\n"; print " xss - Cross Site Scripting\n"; print " lfi - Local File Inclusion\n"; print " rfi - Remote File Inclusion\n"; print " all - F**k shit up\n"; print " What: "; $choice = fopen("php://stdin", "r"); $what = fgets($choice); print "\n File: "; $choicef = fopen("php://stdin", "r"); $whatf = fgets($choicef); $whatf = trim($whatf); if (file_exists('out/' . $whatf)) { if (trim($what) == 'sqli' || trim($what) == 'all' || trim($what) == 'sqli&xss') { print "\n\n - Testing SQL Injection for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n"; $urls = file('out/' . $whatf); foreach ($urls as $link) { sqli(urldecode($link)); } } if (trim($what) == 'xss' || trim($what) == 'all' || trim($what) == 'sqli&xss') { print "\n\n - Testing Cross Site Scripting for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n"; $urls = file('out/' . $whatf); foreach ($urls as $link) { xss(urldecode($link)); } } if (trim($what) == 'lfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) { print "\n\n - Testing Local File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n"; $urls = file('out/' . $whatf); foreach ($urls as $link) { lfi(urldecode($link)); } } if (trim($what) == 'rfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) { print "\n\n - Testing Remote File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n"; $urls = file('out/' . $whatf); foreach ($urls as $link) { rfi(urldecode($link)); } } } else { print "\nFile doesnt exist!\n"; } }