ScanWebshell
Webshell Scanner Detector. To play!
#!/usr/bin/perl
# ###################
# # ScanWebshell #
############################################X###########
# ##
# ___________ _____ .__ #
# \_ _____/______ / | |______ | |__ #
# | __) \_ __ \/ | |\____ \| | \ #
# | \ | | \/ ^ / |_> > Y \ #
# \___ / |__| \____ || __/|___| / #
# \/ |__||__| \/ ##
# ##
# Independent Security Researcher ##
# Copyright - Jose Pino (@Fr4phc0r3) ##
# contact: jfraph@gmail.com #########
# ## V1.0 #
##################################################################
#
## #----->>>|Fraph|===============>
####################################### ==> Detected.
## #----->>>(Analisis...)====>
###########################
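# Script metadata. Nothing else in the visible code reads these values.
our $Developed = "Fraph";

# Single quotes are required here: inside double quotes Perl interpolates
# @Fr4phc0r3 as an (empty) array, which left $Twitter as an empty string.
our $Twitter = '@Fr4phc0r3';
our $Version = "1.0";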
###########################
use LWP::UserAgent;#
####################
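# File names that escaneo() requests under the base URL. Matching is by
# name only: a shell stored under a different name is not covered by this
# list, so an empty result does not show that a site is clean.
# 'FTPSHELL.php' was listed twice in the original, which produced a
# duplicate request and a duplicate report line; it is listed once here.
my @diccionario = qw(
    Crazyshell.php securitypwn.php C4nh0t0.php superhacker.php
    Dr_SHA6H.php DrSHA6H.php WorseLinuxShell.php ru24_post_sh.php
    RemExp.php RemExp.asp r57shell.php r57_Mohajer22.php r57_iFX.php
    Priv8shell.php Private-i3lue.php Predator.php PHPJackal.php pHpINJ.php
    php-include-w-shell.php php-backdoor.php PHANTASMA.php PHVayv.php
    NTDaddy.php nshell.php mysql_tool.php MyWShell.php MyShell.php
    matamu.php Loaderz.php LoaderzWEBShell.php ShellDDos.php
    load_shell.php Liz0ziM.php wp-db.php WP-DB.php hackerarmy.php
    teamhacker.php lamashell.php klasvayv.php klasvayv.asp KAdot.php
    kacak.php KA_uShell.php FTPSHELL.php JspWebshell.php iMHaBiRLiGi.php
    hiddensshell.php go-shell.php gfs_sh.php
    Gamma.php GammaWebShell.php Elmaliseker.php sym/jaguar.izri
    jaguar.izri jaguar.php hackzone.php m4y4.php therules25.php
    cracker_cpanel.php cpanel_cracker.php ELMALISEKER.php ekin0x.php
    EFSO_2.php DxShell.php
);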
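# Shared HTTP client; registro() sends every request through it.
#
# The original first assigned an HTTP::Request built from an undefined
# variable and then redeclared $nyan, so that first object was never used.
# It also passed a Firefox string to new() as a lone positional argument,
# which the constructor reads as an option name rather than as the agent.
# Only the Chrome string set afterwards took effect, so the client is now
# built once with named options.
#
# Alternative agent strings the author had noted:
#   Mozilla/5.0 (Windows NT 6.1; rv:23.0) Gecko/20100101 Firefox/23.0
#   Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12
my $nyan = LWP::UserAgent->new(
    agent   => "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36",    #Chrome
    timeout => 6,    # seconds to wait for each response
);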
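# Main flow: show the banner, read the site to check, normalise it into a
# base URL and run the scan.
vista();
print "Ingresa La Url ==> ";
my $sitio = <STDIN>;

# End of input (no line at all) is treated like an empty answer.
$sitio = '' unless defined $sitio;
chomp $sitio;

# Drop stray blanks typed around the address.
$sitio =~ s/\A\s+//;
$sitio =~ s/\s+\z//;

# Add a scheme only when none was typed. The original tested for "http:"
# alone, so an "https://..." address became "http://https://...".
if ( $sitio !~ m{\Ahttps?://}i ) {
    $sitio = 'http://' . $sitio;
}

# The file names are appended directly, so the base must end in a slash.
if ( $sitio !~ m{/\z} ) {
    $sitio .= '/';
}
escaneo($sitio);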
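# Request every name in @diccionario under a base URL and report the ones
# the server answers with a success status.
#   $_[0]  base URL of the site to check
# Each hit is printed and appended to registro.txt through
# registroescaneo(); a closing message is printed when there were none.
#
# NOTE(review): a success status is only a hint, not proof of a webshell.
# A server that answers unknown paths with a 2xx page, or a redirect that
# the HTTP client follows to an ordinary page, makes every name look like
# a hit; confirm each result on the server itself (file contents, owner,
# modification time) before acting on it. Likewise, no hits only means
# that none of the listed names answered.
sub escaneo {
    my ($base) = @_;

    # Exactly one trailing slash, so the URL that is requested is the same
    # URL that is printed and logged. The original requested "base//name"
    # but reported "base/name".
    $base =~ s{/*\z}{/};

    print "\n";
    print "-> Direccion: $base\n";
    print "-> Escaneando: Web...\n\n\n";

    my $hallazgos = 0;
    for my $nombre (@diccionario) {
        my $url       = $base . $nombre;
        my $respuesta = registro($url);
        next unless $respuesta->is_success;

        $hallazgos++;
        print "\a\a[+] Posible WebShell Detectada => " . $url . "\n";
        registroescaneo( "registro.txt", $url );
    }

    if ( !$hallazgos ) {
        print "[-] No se encontro ninguna Webshell o la URL es incorrecta.\n";
    }
    return;
}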
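# Clear the terminal, set the console title on Windows, then print the
# banner and an example of the expected input.
sub vista {
    # Run only the commands that exist on the current platform. The
    # original ran 'cls', 'clear' and the cmd.exe-only 'title' on every
    # system, so some of them always failed.
    if ( $^O eq 'MSWin32' ) {
        system('cls');
        system('title Fraph - Escaner Detector de WebShell ');
    }
    else {
        system('clear');
    }

    # The banner is a single-quoted q{} string and is printed verbatim.
    print q{
_____ __ __ _ _ _ _
/ ____| \ \ / / | | | | | | |
| (___ ___ __ _ _ _\ \ /\ / /__| |__ ___| |__ ___| | |
\___ \ / __/ _` | '_ \ \/ \/ / _ \ '_ \/ __| '_ \ / _ \ | |
____) | (_| (_| | | | \ /\ / __/ |_) \__ \ | | | __/ | |
|_____/ \___\__,_|_| |_|\/ \/ \___|_.__/|___/_| |_|\___|_|_|
########################>ScanWebshell<#########################
#- -#
#- Developed By: @Fr4phc0r3 -#
##+> V1.0 <+##
##+> ################################# <+##
#- # Escaner Detector de WebShell # -#
###############################################################
};
    print "Ejemplo: www.dominio.com o www.dominio.com/carpeta\n";
    return;
}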
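# Append one line to a log file.
#   $_[0]  path of the log file, opened in append mode
#   $_[1]  text to record; a newline is added after it
# A failure to open or close the file is reported with warn() and the
# caller continues, so a read-only directory does not abort the scan.
sub registroescaneo {
    my ( $archivo, $linea ) = @_;

    # Three-argument open with a lexical handle: the open mode can never be
    # taken from the file name, and the handle is not a package-wide
    # bareword. The original also ignored a failed open.
    open( my $salida, '>>', $archivo ) or do {
        warn "No se pudo abrir $archivo: $!\n";
        return;
    };
    print {$salida} $linea . "\n";
    close($salida) or warn "No se pudo cerrar $archivo: $!\n";
    return;
}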
# Send a GET request for the given URL through the shared client $nyan and
# return the response object it produces.
#   $_[0]  URL to request
sub registro {
    my ($url) = @_;
    my $respuesta = $nyan->get($url);
    return $respuesta;
}
Url: https://github.com/Fraph/ScanWebshell/blob/master/scanwebshell.pl
Language: Perl | User: Fraph | Created: Nov 4, 2013 | Tags: ScanWebshell Perl Fraph Detected