SCANNER - INURLBR
===============
>Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.
```
+-----------------------------------------------------------------------------+
| [!] Legal disclaimer: Usage of INURLBR for attacking targets without prior |
| mutual consent is illegal. |
| It is the end user's responsibility to obey all applicable local, state and|
| federal laws. |
| Developers assume no liability and are not responsible for any misuse or |
| damage caused by this program |
+-----------------------------------------------------------------------------+
```
```
[+] AUTOR: googleINURL
[+] EMAIL: inurlbr@gmail.com
[+] Blog: http://blog.inurl.com.br
[+] Twitter: https://twitter.com/googleinurl
[+] Fanpage: https://fb.com/InurlBrasil
[+] Pastebin http://pastebin.com/u/Googleinurl
[+] GIT: https://github.com/googleinurl
[+] PSS: http://packetstormsecurity.com/user/googleinurl
[+] EXA: http://exploit4arab.net/author/248/Cleiton_Pinheiro
[+] YOUTUBE: http://youtube.com/c/INURLBrasil
[+] PLUS: http://google.com/+INURLBrasil
```
* GROUP INURL BRASIL - ADVANCED SEARCH.
* SCRIPT NAME: INURLBR
* Codename: Subversive
* Version: 2.1.0
- Screenshot:
------
![Screenshot](http://3.bp.blogspot.com/-H1DjYjXjqXU/VWPNTUnfeaI/AAAAAAAAA_E/B24JDIxrq3o/s1600/inurlbr.png)
![Screenshot](http://4.bp.blogspot.com/-XAohC-ga9EM/VWU1l3a3QcI/AAAAAAAAA_o/BRg0mIllOgQ/s1600/sqlmap.png)
![Screenshot](http://4.bp.blogspot.com/-bOOilZLyUFg/VWQCdHKCAwI/AAAAAAAAA_U/JAy1ChdQJU0/s1600/post.png)
![Screenshot](http://2.bp.blogspot.com/-kCYgptMhfts/VWU2eTTTKFI/AAAAAAAAA_w/eGSt7qg4HRo/s1600/exploits.png)
- LIB & PERMISSION:
------
```
----------------------------------------------------------
PHP Version 5.4.7
php5-curl LIB
php5-cli LIB
cURL support enabled
cURL Information 7.24.0
allow_url_fopen On
permission Reading & Writing
User root privilege, or is in the sudoers group
Operating system LINUX
Proxy random TOR
----------------------------------------------------------
[+] PERMISSION EXECUTION: chmod +x inurlbr.php
[+] INSTALLING LIB CURL: sudo apt-get install php5-curl
[+] INSTALLING LIB CLI: sudo apt-get install php5-cli
[+] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en
----------------------------------------------------------
resume: apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl
```
- HELP:
------
```
-h
--help Alternative long length help command.
--ajuda Command to specify Help.
--info Information script.
--update Code update.
-q Choose which search engine you want through [1...24] / [e1..6]]:
[options]:
1 - GOOGLE / (CSE) GENERIC RANDOM / API
2 - BING
3 - YAHOO BR
4 - ASK
5 - HAO123 BR
6 - GOOGLE (API)
7 - LYCOS
8 - UOL BR
9 - YAHOO US
10 - SAPO
11 - DMOZ
12 - GIGABLAST
13 - NEVER
14 - BAIDU BR
15 - YANDEX
16 - ZOO
17 - HOTBOT
18 - ZHONGSOU
19 - HKSEARCH
20 - EZILION
21 - SOGOU
22 - DUCK DUCK GO
23 - BOOROW
24 - GOOGLE(CSE) GENERIC RANDOM
----------------------------------------
SPECIAL MOTORS
----------------------------------------
e1 - TOR FIND
e2 - ELEPHANT
e3 - TORSEARCH
e4 - WIKILEAKS
e5 - OTN
e6 - EXPLOITS SHODAN
----------------------------------------
all - All search engines / not special motors
Default: 1
Example: -q {op}
Usage: -q 1
-q 5
Using more than one engine: -q 1,2,5,6,11,24
Using all engines: -q all
--proxy Choose which proxy you want to use through the search engine:
Example: --proxy {proxy:port}
Usage: --proxy localhost:8118
--proxy socks5://googleinurl@localhost:9050
--proxy http://admin:12334@172.16.0.90:8080
--proxy-file Set font file to randomize your proxy to each search engine.
Example: --proxy-file {proxys}
Usage: --proxy-file proxys_list.txt
--time-proxy Set the time how often the proxy will be exchanged.
Example: --time-proxy {second}
Usage: --time-proxy 10
--proxy-http-file Set file with urls http proxy,
are used to bular capch search engines
Example: --proxy-http-file {youfilehttp}
Usage: --proxy-http-file http_proxys.txt
--tor-random Enables the TOR function, each usage links an unique IP.
-t Choose the validation type: op 1, 2, 3, 4, 5
[options]:
1 - The first type uses default errors considering the script:
It establishes connection with the exploit through the get method.
Demo: www.alvo.com.br/pasta/index.php?id={exploit}
2 - The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET'
It also establishes connection with the exploit through the get method
Demo: www.alvo.com.br/pasta/index.php?id={exploit}
3 - The third type combine both first and second types:
Then, of course, it also establishes connection with the exploit through the get method
Demo: www.target.com.br{exploit}
Default: 1
Example: -t {op}
Usage: -t 1
4 - The fourth type a validation based on source file and will be enabled scanner standard functions.
The source file their values are concatenated with target url.
- Set your target with command --target {http://target}
- Set your file with command -o {file}
Explicative:
Source file values:
/admin/index.php?id=
/pag/index.php?id=
/brazil.php?new=
Demo:
www.target.com.br/admin/index.php?id={exploit}
www.target.com.br/pag/index.php?id={exploit}
www.target.com.br/brazil.php?new={exploit}
5 - (FIND PAGE) The fifth type of validation based on the source file,
Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.
- Set your target with command --target {http://target}
- Set your file with command -o {file}
Explicative:
Source file values:
/admin/admin.php
/admin.asp
/admin.aspx
Demo:
www.target.com.br/admin/admin.php
www.target.com.br/admin.asp
www.target.com.br/admin.aspx
Observation: If it shows the code 200 will be separated in the output file
DEFAULT ERRORS:
[*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK,
[*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT,
[*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,
[*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP,
[*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA,
[*]ERROR INDEFINITE
--dork Defines which dork the search engine will use.
Example: --dork {dork}
Usage: --dork 'site:.gov.br inurl:php? id'
- Using multiples dorks:
Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
Usage: --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'
--dork-file Set font file with your search dorks.
Example: --dork-file {dork_file}
Usage: --dork-file 'dorks.txt'
--exploit-get Defines which exploit will be injected through the GET method to each URL found.
Example: --exploit-g
没有合适的资源?快使用搜索试试~ 我知道了~
基于PHP的Sanner-Inurlbr 利用搜索引擎来进行漏洞批量抓取.zip
共2个文件
php:1个
md:1个
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 159 浏览量
2023-07-22
08:48:44
上传
评论
收藏 55KB ZIP 举报
温馨提示
基于PHP的Sanner-Inurlbr 利用搜索引擎来进行漏洞批量抓取.zip
资源推荐
资源详情
资源评论
收起资源包目录
基于PHP的Sanner-Inurlbr 利用搜索引擎来进行漏洞批量抓取.zip (2个子文件)
132692256330155775
SCANNER-INURLBR-master
inurlbr.php 209KB
README.md 23KB
共 2 条
- 1
资源评论
助力毕业
- 粉丝: 2173
- 资源: 5122
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功