اینم یکی از دوستای رومانی داد :67:
[php]#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer ^_^
#
$subdirstoscan = 20;
$resultfile = "results.html"; #Dont forget to add .htm or .html
if(-e "$resultfile"){
unlink("$resultfile");
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><td>WHERE</td><td>Code</td><tr>";
close(DAT);
print "Directory to read? ";
$input = <stdin>;
chop ($input);
$dir = "/*";
$deep = 0;
while($deep != $subdirstoscan){
@files = <$input$dir>;
foreach $file (@files) {
if(-f $file){
print "Checking: " .$file . "n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once $/i) || ($line =~ m/require_once $/i) || ($line =~ m/include_once($/i) || ($line =~ m/require_once($/i) || ($line =~ m/require $/i) || ($line =~ m/require($/i) || ($line =~ m/require $/i) || ($line =~ m/include $/i) || ($line =~ m/include($/i))
{
if(($line =~ /$_GET/) || ($line =~ /$_POST/) || ($line =~ /$_REQUEST/)){ #This could be critical
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><font color=red>$line</font></td><tr>";
close(DAT);
} elsif($line =~ /^///){ #This is just a comment, but display it anyway Smile
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><font color=grey>$line</font></td><tr>";
close(DAT);
}
else {
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td>$line</td><tr>";
close(DAT);
}
}
}
}
}
$deep++;
$dir .= "/*";
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "</table>
<center> [/php]
[php]#!/usr/bin/perl -w
#
# Remote File Inclusion scanner created by Ironfist
# This will check a directory (& subdirectories) for php scripts, containing an inclusion.
# New in version 2: Code improved, you can set the amount of subdirs to scan, results considered critical displayed in red,
# comments containing inclusion code displayed in grey, all errors filtered out, result file looks way nicer ^_^
#
$subdirstoscan = 20;
$resultfile = "results.html"; #Dont forget to add .htm or .html
if(-e "$resultfile"){
unlink("$resultfile");
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<html><head><title>Iron's Remote File Inclusion Scanner -> Results</title></head><body><table border=1><td>WHERE</td><td>Code</td><tr>";
close(DAT);
print "Directory to read? ";
$input = <stdin>;
chop ($input);
$dir = "/*";
$deep = 0;
while($deep != $subdirstoscan){
@files = <$input$dir>;
foreach $file (@files) {
if(-f $file){
print "Checking: " .$file . "n";
open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{
my($line) = $_;
chomp($line);
if(($line =~ m/include_once $/i) || ($line =~ m/require_once $/i) || ($line =~ m/include_once($/i) || ($line =~ m/require_once($/i) || ($line =~ m/require $/i) || ($line =~ m/require($/i) || ($line =~ m/require $/i) || ($line =~ m/include $/i) || ($line =~ m/include($/i))
{
if(($line =~ /$_GET/) || ($line =~ /$_POST/) || ($line =~ /$_REQUEST/)){ #This could be critical
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><font color=red>$line</font></td><tr>";
close(DAT);
} elsif($line =~ /^///){ #This is just a comment, but display it anyway Smile
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td><font color=grey>$line</font></td><tr>";
close(DAT);
}
else {
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "<td>$file</td><td>$line</td><tr>";
close(DAT);
}
}
}
}
}
$deep++;
$dir .= "/*";
}
open(DAT,">>$resultfile") || die("Cannot Open File");
print DAT "</table>
<center> [/php]