基于PHP的Sanner-Inurlbr利用搜索引擎来进行漏洞批量抓取.zip资源-CSDN文库

共2个文件

php：1个

md：1个

版权申诉

150 浏览量 2023-07-22 08:48:44 上传评论收藏 55KB ZIP 举报

"基于PHP的Sanner-Inurlbr 利用搜索引擎来进行漏洞批量抓取"指的是一个使用PHP语言编写的工具，名为Sanner-Inurlbr，它利用了搜索引擎的强大功能来发现潜在的安全漏洞。这个工具主要面向网络安全专业人士和网站管理员，用于进行安全审计和漏洞检测。在网络安全领域，漏洞扫描是至关重要的一步，它可以帮助我们识别和修复可能导致数据泄露、恶意攻击或其他安全问题的弱点。Sanner-Inurlbr是这样的一个工具，通过批量查询搜索引擎的结果，它可以快速地发现网站中可能存在的公开漏洞。例如，它可能查找常见的注入攻击（如SQL注入、XSS跨站脚本）或路径遍历等漏洞。 PHP是一种广泛使用的服务器端脚本语言，特别适合于Web开发。由于许多网站和Web应用程序都是用PHP构建的，因此针对PHP的漏洞扫描工具非常实用。Sanner-Inurlbr使用PHP编写，意味着它可以无缝集成到PHP环境，对PHP应用程序进行深度分析。在实际操作中，Sanner-Inurlbr可能会使用关键词和特定的URL模式来在搜索引擎中搜索可能暴露的漏洞。例如，它可能会搜索包含错误消息、敏感文件路径或者已知漏洞特征的网页。然后，它会将这些结果整理并报告给用户，让用户能够针对这些潜在风险采取措施。 "PHP"强调了这个工具与PHP编程语言的紧密关系，意味着其工作原理、使用方法和修复策略都需要一定的PHP知识基础。如果你是PHP开发者或安全专家，理解PHP的内部工作原理、HTTP协议以及常见安全漏洞类型将有助于更好地利用Sanner-Inurlbr。【压缩包子文件的文件名称列表】中的"132692256330155775"可能是该工具的源代码文件、配置文件或者使用说明文档。下载并解压这个ZIP文件后，你需要查看文件内容来了解如何运行Sanner-Inurlbr，包括设置搜索引擎API接口（如果有的话）、输入目标网址、定义扫描规则等。通常，此类工具会提供命令行参数或配置文件选项来定制扫描行为。 Sanner-Inurlbr是一个利用PHP实现的、借助搜索引擎进行大规模漏洞探测的工具，对于保障网站安全和及时发现潜在威胁具有重要意义。正确理解和使用此工具，可以极大地提升Web应用程序的安全防护能力。在使用过程中，遵循最佳实践，如定期更新工具、理解扫描结果并及时修补漏洞，是确保网络环境安全的关键。

资源推荐

资源详情

资源评论

收起资源包目录

基于PHP的Sanner-Inurlbr 利用搜索引擎来进行漏洞批量抓取.zip （2个子文件）

132692256330155775

SCANNER-INURLBR-master

inurlbr.php 209KB

README.md 23KB

SCANNER - INURLBR =============== >Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. ``` +-----------------------------------------------------------------------------+ | [!] Legal disclaimer: Usage of INURLBR for attacking targets without prior | | mutual consent is illegal. | | It is the end user's responsibility to obey all applicable local, state and| | federal laws. | | Developers assume no liability and are not responsible for any misuse or | | damage caused by this program | +-----------------------------------------------------------------------------+ ``` ``` [+] AUTOR: googleINURL [+] EMAIL: inurlbr@gmail.com [+] Blog: http://blog.inurl.com.br [+] Twitter: https://twitter.com/googleinurl [+] Fanpage: https://fb.com/InurlBrasil [+] Pastebin http://pastebin.com/u/Googleinurl [+] GIT: https://github.com/googleinurl [+] PSS: http://packetstormsecurity.com/user/googleinurl [+] EXA: http://exploit4arab.net/author/248/Cleiton_Pinheiro [+] YOUTUBE: http://youtube.com/c/INURLBrasil [+] PLUS: http://google.com/+INURLBrasil ``` * GROUP INURL BRASIL - ADVANCED SEARCH. * SCRIPT NAME: INURLBR * Codename: Subversive * Version: 2.1.0 - Screenshot: ------ ![Screenshot](http://3.bp.blogspot.com/-H1DjYjXjqXU/VWPNTUnfeaI/AAAAAAAAA_E/B24JDIxrq3o/s1600/inurlbr.png) ![Screenshot](http://4.bp.blogspot.com/-XAohC-ga9EM/VWU1l3a3QcI/AAAAAAAAA_o/BRg0mIllOgQ/s1600/sqlmap.png) ![Screenshot](http://4.bp.blogspot.com/-bOOilZLyUFg/VWQCdHKCAwI/AAAAAAAAA_U/JAy1ChdQJU0/s1600/post.png) ![Screenshot](http://2.bp.blogspot.com/-kCYgptMhfts/VWU2eTTTKFI/AAAAAAAAA_w/eGSt7qg4HRo/s1600/exploits.png) - LIB & PERMISSION: ------ ``` ---------------------------------------------------------- PHP Version 5.4.7 php5-curl LIB php5-cli LIB cURL support enabled cURL Information 7.24.0 allow_url_fopen On permission Reading & Writing User root privilege, or is in the sudoers group Operating system LINUX Proxy random TOR ---------------------------------------------------------- [+] PERMISSION EXECUTION: chmod +x inurlbr.php [+] INSTALLING LIB CURL: sudo apt-get install php5-curl [+] INSTALLING LIB CLI: sudo apt-get install php5-cli [+] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en ---------------------------------------------------------- resume: apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl ``` - HELP: ------ ``` -h --help Alternative long length help command. --ajuda Command to specify Help. --info Information script. --update Code update. -q Choose which search engine you want through [1...24] / [e1..6]]: [options]: 1 - GOOGLE / (CSE) GENERIC RANDOM / API 2 - BING 3 - YAHOO BR 4 - ASK 5 - HAO123 BR 6 - GOOGLE (API) 7 - LYCOS 8 - UOL BR 9 - YAHOO US 10 - SAPO 11 - DMOZ 12 - GIGABLAST 13 - NEVER 14 - BAIDU BR 15 - YANDEX 16 - ZOO 17 - HOTBOT 18 - ZHONGSOU 19 - HKSEARCH 20 - EZILION 21 - SOGOU 22 - DUCK DUCK GO 23 - BOOROW 24 - GOOGLE(CSE) GENERIC RANDOM ---------------------------------------- SPECIAL MOTORS ---------------------------------------- e1 - TOR FIND e2 - ELEPHANT e3 - TORSEARCH e4 - WIKILEAKS e5 - OTN e6 - EXPLOITS SHODAN ---------------------------------------- all - All search engines / not special motors Default: 1 Example: -q {op} Usage: -q 1 -q 5 Using more than one engine: -q 1,2,5,6,11,24 Using all engines: -q all --proxy Choose which proxy you want to use through the search engine: Example: --proxy {proxy:port} Usage: --proxy localhost:8118 --proxy socks5://googleinurl@localhost:9050 --proxy http://admin:12334@172.16.0.90:8080 --proxy-file Set font file to randomize your proxy to each search engine. Example: --proxy-file {proxys} Usage: --proxy-file proxys_list.txt --time-proxy Set the time how often the proxy will be exchanged. Example: --time-proxy {second} Usage: --time-proxy 10 --proxy-http-file Set file with urls http proxy, are used to bular capch search engines Example: --proxy-http-file {youfilehttp} Usage: --proxy-http-file http_proxys.txt --tor-random Enables the TOR function, each usage links an unique IP. -t Choose the validation type: op 1, 2, 3, 4, 5 [options]: 1 - The first type uses default errors considering the script: It establishes connection with the exploit through the get method. Demo: www.alvo.com.br/pasta/index.php?id={exploit} 2 - The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET' It also establishes connection with the exploit through the get method Demo: www.alvo.com.br/pasta/index.php?id={exploit} 3 - The third type combine both first and second types: Then, of course, it also establishes connection with the exploit through the get method Demo: www.target.com.br{exploit} Default: 1 Example: -t {op} Usage: -t 1 4 - The fourth type a validation based on source file and will be enabled scanner standard functions. The source file their values are concatenated with target url. - Set your target with command --target {http://target} - Set your file with command -o {file} Explicative: Source file values: /admin/index.php?id= /pag/index.php?id= /brazil.php?new= Demo: www.target.com.br/admin/index.php?id={exploit} www.target.com.br/pag/index.php?id={exploit} www.target.com.br/brazil.php?new={exploit} 5 - (FIND PAGE) The fifth type of validation based on the source file, Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable. - Set your target with command --target {http://target} - Set your file with command -o {file} Explicative: Source file values: /admin/admin.php /admin.asp /admin.aspx Demo: www.target.com.br/admin/admin.php www.target.com.br/admin.asp www.target.com.br/admin.aspx Observation: If it shows the code 200 will be separated in the output file DEFAULT ERRORS: [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK, [*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT, [*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP, [*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP, [*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA, [*]ERROR INDEFINITE --dork Defines which dork the search engine will use. Example: --dork {dork} Usage: --dork 'site:.gov.br inurl:php? id' - Using multiples dorks: Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3} Usage: --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp' --dork-file Set font file with your search dorks. Example: --dork-file {dork_file} Usage: --dork-file 'dorks.txt' --exploit-get Defines which exploit will be injected through the GET method to each URL found. Example: --exploit-g

评论收藏

内容反馈

版权申诉