_____________________________________________ *###########################################* *# Penetration Testing Tool #* *# *19/10/2024* #* *# Author: Emiliano Febbi #* *# Site: http://nullsite.altervista.org #* *# PHP code #* *###########################################* [code] #Helper v0.1 #-Helper
 _     _ _______         _____  _______  ______
 |_____| |______ |      |_____] |______ |_____/
 |     | |______ |_____ |       |______ |    \_


*******************************************
* Name Software: Helper v0.1              *
* Simple Pentesting tool at release v0.1. *
* Allowed http && https protocols.        *
* Code By Emiliano Febbi - #2024          *
* My site: http://nullsite.altervista.org *
*******************************************
#insert URL:


[site loaded]: -> $for_print"; print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; print "-> WebServer info <-
"; print_r(get_headers($victime)); print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; $victime_pars = str_replace( '/', '/', $victime); print "
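-> Mini-Fuzzer <- Found:
";
/*Mini-Fuzzer*/
/*
 * Fetch the page at $victime_pars, parse it as HTML and list every anchor
 * under <body> whose href is an absolute, well-formed URL.
 *
 * NOTE(review): $victime_pars presumably comes from the "insert URL" form. The
 * http/https restriction announced in the banner is not visible in this
 * listing; confirm that it is enforced before this point, because
 * file_get_contents() also opens local paths and other stream wrappers.
 */
$urlContent = file_get_contents("$victime_pars");

// DOMDocument::loadHTML() rejects an empty document, so skip parsing when the
// fetch failed (false) or returned nothing.
if ($urlContent !== false && $urlContent !== '') {
    $dom = new DOMDocument();

    // Real-world markup is rarely valid. Collect libxml's parse warnings and
    // discard them explicitly instead of hiding every error with "@".
    $previous_libxml_setting = libxml_use_internal_errors(true);
    $dom->loadHTML($urlContent);
    libxml_clear_errors();
    libxml_use_internal_errors($previous_libxml_setting);

    $xpath = new DOMXPath($dom);
    $hrefs = $xpath->evaluate("/html/body//a");

    foreach ($hrefs as $href) {
        $url = filter_var($href->getAttribute('href'), FILTER_SANITIZE_URL);

        // Relative links fail FILTER_VALIDATE_URL and are therefore not listed.
        if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
            // The href is content supplied by the fetched page.
            // FILTER_SANITIZE_URL keeps characters such as < > and ", so it is
            // not an HTML escape; the value is escaped before it reaches the
            // operator's browser. The markup that originally printed the link
            // did not survive in this listing, so the URL is shown as text.
            echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'), '
';
        }
    }
}
print "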
......................................................................................................................................................................................................................................................................................................................................................................................................"; /*#robots.txt finder*/ /*####################################################################################################################*/ if (false!==file("$victime_pars/robots.txt")) echo "
Found: robots.txt"; else echo "
Missing: robots.txt"; /*####################################################################################################################*/ print "
......................................................................................................................................................................................................................................................................................................................................................................................................

"; print "
-> Admin Pages Scanner <- (#general)"; $listing = array( "login.php", "login/login.php", "login/admin.php", "login/index.php", "admin/admin.php", "admin/login.php", "admin/index.php", "admins.php", "admins/login.php", "admins/", "admins/admin.php", "admins/index.php", "admins/menu.php", "admin1/", "admin2/", "admin3/", "admin4/", "admin5/", "usuarios/", "usuario/", "administrator/", "moderator/", "webadmin/", "adminarea/", "bb-admin/", "adminLogin/", "admin_area/", "panel-administracion/", "instadmin/", "memberadmin/", "administratorlogin/", "adm/", "admin/account.php", "admin/account.php", "admin_area/admin.php", "admin_area/login.php", "siteadmin/login.php", "siteadmin/index.php", "siteadmin/login.html", "admin/account.html", "admin/index.html", "admin/login.html", "admin/admin.html", "admin_area/index.php", "bb-admin/index.php", "bb-admin/login.php", "bb-admin/admin.php", "admin/home.php", "admin_area/login.html", "admin_area/index.html", "admin/controlpanel.php", "admin.php", "admincp/index.asp", "admincp/login.asp", "admincp/index.html", "admin/account.html", "adminpanel.html", "webadmin.html", "webadmin/index.html", "webadmin/admin.html", "webadmin/login.html", "admin/admin_login.html", "admin_login.html", "panel-administracion/login.html", "admin/cp.php", "cp.php", "administrator/index.php", "administrator/login.php", "nsw/admin/login.php", "webadmin/login.php", "admin/admin_login.php", "admin_login.php", "administrator/account.php", "administrator.php", "admin_area/admin.html", "pages/admin/admin-login.php", "admin/admin-login.php", "admin-login.php", "bb-admin/index.html", "bb-admin/login.html", "acceso.php", "bb-admin/admin.html", "admin/home.html", "login.php", "modelsearch/login.php", "moderator.php", "moderator/login.php", "moderator/admin.php", "account.php", "pages/admin/admin-login.html", "admin/admin-login.html", "admin-login.html", "controlpanel.php", "admincontrol.php", "admin/adminLogin.html", "adminLogin.html", "admin/adminLogin.html", 
"rcjakar/admin/login.php", "adminarea/index.html", "adminarea/admin.html", "webadmin.php", "webadmin/index.php", "webadmin/admin.php", "admin/controlpanel.html", "admin.html", "admin/cp.html", "cp.html", "adminpanel.php", "moderator.html", "administrator/index.html", "administrator/login.html", "user.html", "administrator/account.html", "administrator.html", "login.html", "modelsearch/login.html", "moderator/login.html", "adminarea/login.html", "panel-administracion/index.html", "panel-administracion/admin.html", "modelsearch/index.html", "modelsearch/admin.html", "admincontrol/login.html", "adm/index.html", "adm.html", "moderator/admin.html", "user.php", "account.html", "controlpanel.html", "admincontrol.html", "panel-administracion/login.php", "wp-login.php", "adminLogin.php", "admin/adminLogin.php", "adminarea/index.php", "adminarea/admin.php", "adminarea/login.php", "panel-administracion/index.php", "panel-administracion/admin.php", "modelsearch/index.php", "modelsearch/admin.php", "admincontrol/login.php", "adm/admloginuser.php", "admloginuser.php", "admin2.php", "admin2/login.php", "admin2/index.php", "usuarios/login.php", "adm/index.php", "adm.php", "adm_auth.php", "memberadmin.php", "administratorlogin.php", "account.asp", "admin/account.asp", "admin/index.asp", "admin/login.asp", "admin/admin.asp", "admin_area/admin.asp", "admin_area/login.asp", "admin/account.html", "admin/index.html", "admin/login.html", "admin/admin.html", "admin_area/admin.html", "admin_area/login.html", "admin_area/index.html", "admin_area/index.asp", "bb-admin/index.asp", "bb-admin/login.asp", "bb-admin/admin.asp", "bb-admin/index.html", "bb-admin/login.html", "bb-admin/admin.html", "admin/home.html", "admin/controlpanel.html", "admin.html", "admin/cp.html", "cp.html", "administrator/index.html", "administrator/login.html", "administrator/account.html", "administrator.html", "login.html", "modelsearch/login.html", "moderator.html", "moderator/login.html", "moderator/admin.html", 
"account.html", "controlpanel.html", "admincontrol.html", "admin_login.html", "panel-administracion/login.html", "admin/home.asp", "admin/controlpanel.asp", "admin.asp", "pages/admin/admin-login.asp", "admin/admin-login.asp", "admin-login.asp", "admin/cp.asp", "cp.asp", "administrator/account.asp", "administrator.asp", "acceso.asp", "login.asp", "admin/", "login/", "panel/", "cp/", "dashboard/", "reserved/", "admin_login", "log-in/", "admin_login.php", "panel.php", "dashboard.php", "dashboard/index.php", "account/", "/account/login.php", "adm.php", "adm/", "admin/menu.php", "manager/", "manager/login.php", "manager/admin.php", "manager/index.php", "cms/login.php", "cms/admin.php", "news/login.php", "news/admin.php", "news/menu.php", "editor/", "editor/login.php", "editor/admin.php", "editor/index.php", "panel/menu.php", "panel/login.php", "panel/admin.php", "access.php", "access/", "access/login.php", "access/admin.php", "panel/index.php", "adm/adm.php", "adm/admin.php", "adm/index.php", "adm/login.php", "account/admin.php", "back/login.php", "menu/", "menu/login.php", "menu/admin.php", "administrator/login.php", "administrator/admin.php", "administrator/index.php", "administer/login.php", "administer/", "cp/login.php", "cp/", "cp.php", "cp/admin.php", "panel/index.php", "panel/login.php", "reserved/login.php", "reserved/index.php", "panel/panel.php", "panel/cp.php", "cp/panel.php", "signin.php", "signin/", "sign-in.php", "sign-in/", "admin/menu.php", "admin/page.php", "admin_page.php", "admin-page.php", "staff/", "staff/login.php", "staff/admin.php", "adminpanel.php", "admin-panel.php", "admin_panel.php", "admin_panel/", "admin-panel/", ); foreach($listing as $listingg) { /*#Admin pages scanner*/ /*####################################################################################################################*/ if (false!==file("$victime_pars$listingg")) echo "
Found:
"; else echo ""; /*####################################################################################################################*/ }; print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; print "
-> Admin Pages Scanner <- (#ITA)
"; /*#ITA*/ $listing_ita = array( "amministrazione/", "gestione/", "areariservata/", "pannello/", "area_riservata/", "amministra/", "gest/", "area-riservata", "amministrazione.php", "gestione.php", "areariservata.php", "pannello.php", "area_riservata.php", "amministra.php", "gest.php", "area-riservata.php", ); foreach($listing_ita as $listing_itaa) { /*#Ita Admin pages scanner*/ /*####################################################################################################################*/ if (false!==file("$victime_pars$listing_itaa")) echo "
Found:
"; else echo ""; /*####################################################################################################################*/ };; print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; print "
-> UPLOAD Pages Scanner <-
"; $listing_upload = array( "upload.php", "uploads.php", "upload/", "upload/upload.php", "upload/index.php", "upload/uploads.php", "upload/index.php", "upload/file.php", "upload/files.php", "upload/admin.php", "upload/login.php", "uploads/", "uploads/upload.php", "uploads/index.php", "uploads/uploads.php", "uploads/index.php", "uploads/file.php", "uploads/files.php", "uploads/admin.php", "uploads/login.php", "pdf/upload.php", "pdf/uploads.php", "files/upload.php", "file/upload.php", "file/uploads.php", "files/upload.php", "images/upload.php", "images/uploads.php", "img/upload.php", "img/uploads.php", "admin/upload.php", "admin/uploads.php", "document/upload.php", "documents/upload.php", "documents/uploads.php", "document/uploads.php", "upload/pdf.php", "uploads/pdf.php", "upload/document.php", "upload/documents.php", "uploads/document.php", "uploads/documents.php", ); foreach($listing_upload as $listing_uploadd) { /*#File Upload testing*/ /*####################################################################################################################*/ if (false!==file("$victime_pars$listing_uploadd")) echo "
Found:
"; else echo ""; /*####################################################################################################################*/ };;;; print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; $listing_applications = array( "forum/", "forum/index.php", "forum/forum.php", "forum/topic.php", "forum/post.php", "forum/page.php", "forum.php", "forum_post.php", "forum_topic.php", "forum/view_topic.php", "forums.php", "forums/", "guestbook/", "guestbook/login.php", "guestbook/index.php", "guestbook.php", "gb/guestbook.php", "guest_book.php", "gb/", "guestbook/post.php", "guestbook/comments.php", "blog/", "blog/article.php", "blog/post.php", "blog/comments.php", "blog.php", "blog/blog.php", "blog/index.php", "blog/login.php", "board.php", "board/board.php", "board/forum.php", "forum/board.php", "board/", "board/index.php", "thread.php", "forum/thread.php", "new_thread.php", "forum/new_thread.php", ); print "
-> Dynamic applications Scanner <-
"; foreach($listing_applications as $listing_apps) { /*#Applications finder*/ /*####################################################################################################################*/ if (false!==file("$victime_pars$listing_apps")) echo "
Found:
"; else echo ""; /*####################################################################################################################*/ }; print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; echo "
-> E-mails finder <-
"; $textt=file_get_contents("$victime"); $res = preg_match_all( "/[a-z0-9]+[_a-z0-9\.-]*[a-z0-9]+@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})/i", $textt, $matches ); if ($res) { foreach(array_unique($matches[0]) as $email) { echo "Found:
"; echo $email . "
"; echo "
"; } } else { echo "No emails found."; } print "
......................................................................................................................................................................................................................................................................................................................................................................................................
"; print "-> ModSecurity check <-
"; /*#ModSecurity testing*/ $XSS = "XSS.php?id="; $sqli = "Sqli.php?id=1+union+select+"; $LFI = "LFI.php?id=../../../../../../../../../../../../etc/passwd"; print "
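check1:
";

/*
 * ModSecurity check.
 *
 * Three marker URLs (built from $XSS, $sqli and $LFI, defined just above) are
 * requested and only the HTTP status of each answer is inspected.
 *
 * Reading the result: the status code is a heuristic, not proof. A 403 can come
 * from any access rule, not only from a WAF, and a 404 only shows that the
 * request was not rejected before the (presumably non-existent) script was
 * looked up. Any other status is reported as "not determined".
 *
 * For whoever operates the scanned host: these probes use fixed script names
 * and fixed query strings, so they are easy to recognise in access logs.
 */

/**
 * Return the three-digit HTTP status of the first response received for a URL.
 *
 * The probe suffixes are globals and are not visible inside a function, so the
 * complete URL has to be passed in by the caller; nothing is appended here.
 *
 * @param string $victime Complete URL to request.
 * @return string Status code such as "403", or "" when no status line was read.
 */
function get_http_response_code($victime)
{
    $headers = get_headers($victime);

    // get_headers() returns false when the request fails.
    if ($headers === false || !isset($headers[0])) {
        return '';
    }

    // Parse the status line instead of relying on a fixed character offset.
    if (preg_match('#^HTTP/\S+\s+(\d{3})#', $headers[0], $status_line)) {
        return $status_line[1];
    }

    return '';
}

/**
 * Kept so the name stays defined; behaves exactly like get_http_response_code().
 *
 * @param string $victime Complete URL to request.
 * @return string Status code, or "" when no status line was read.
 */
function get_http_response_codee($victime)
{
    return get_http_response_code($victime);
}

/**
 * Kept so the name stays defined; behaves exactly like get_http_response_code().
 *
 * @param string $victime Complete URL to request.
 * @return string Status code, or "" when no status line was read.
 */
function get_http_response_codeee($victime)
{
    return get_http_response_code($victime);
}

$get_http_response_code = get_http_response_code("$victime$XSS");
if ($get_http_response_code === '404') {
    echo "
XSS protection: OFF
";
} elseif ($get_http_response_code === '403') {
    echo "
XSS protection: ON
";
} else {
    // Redirects, 200, 5xx or no answer at all say nothing about filtering.
    $status_shown = $get_http_response_code !== '' ? $get_http_response_code : 'no response';
    echo "
XSS protection: not determined (HTTP status: $status_shown)
";
}
print "
check2:
";

$get_http_response_codee = get_http_response_codee("$victime$sqli");
if ($get_http_response_codee === '404') {
    echo "
SQL injection protection: OFF
";
} elseif ($get_http_response_codee === '403') {
    echo "
SQL injection protection: ON
";
} else {
    $status_shown = $get_http_response_codee !== '' ? $get_http_response_codee : 'no response';
    echo "
SQL injection protection: not determined (HTTP status: $status_shown)
";
}
print "
check3:
";

$get_http_response_codeee = get_http_response_codeee("$victime$LFI");
if ($get_http_response_codeee === '404') {
    echo "
LFI protection: OFF
";
} elseif ($get_http_response_codeee === '403') {
    echo "
LFI protection: ON
";
} else {
    $status_shown = $get_http_response_codeee !== '' ? $get_http_response_codeee : 'no response';
    echo "
LFI protection: not determined (HTTP status: $status_shown)
";
}
print "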
......................................................................................................................................................................................................................................................................................................................................................................................................
"; print "~Visit My Site - Developed By Emiliano Febbi #2024"; };;; ?>
[/code]