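#!perl
#----------------------------------------------------------------------------
# With this program you can bruteforce files, dirs, domains and sub-domains
# Authors:   Alexander Rachev (a.k.a matrix_killer) and EcLiPsE
# Contact:   matrix_k _at_ abv.bg
# Version:   1.0
# Copyright: this program is under a Creative Commons Attribution 2.5
#            Bulgaria License.
# Greets:    Bl0od3r, Acid_BDS, Alpha-fan and all other friends
#            [they know who they are ;)]
#                               !WARNING!
# THIS PROGRAM IS MADE FOR EDUCATION PURPOSES ONLY !
# I'M NOT RESPONSIBLE FOR YOUR ACTIONS !!!
#----------------------------------------------------------------------------
# Usage
#  1. For file bruteforce:
#     a) Host       -> the host/server whose files you want to check for
#                      existence (ex: host.com)
#     b) Directory  -> if you think the file is in a directory, specify it
#                      here (ex: /foo/), or leave it blank
#     c) Dictionary -> the name of your word list (ex: junk.txt)
#
#  2. For directory bruteforce:
#     a) Host       -> the host/server whose directories you want to check
#                      for existence (ex: host.com)
#     b) Dictionary -> the name of your word list (ex: junk.txt)
#
#  3. For domain bruteforce:
#     a) Host       -> "host" or "www.host", without a domain
#     b) Dictionary -> entries like "com", "net" and other domain names,
#                      without a . (dot)
#
#  4. For sub-domain bruteforce:
#     a) Host       -> "host.com", "moofoo.net" ...
#     b) Dictionary -> ordinary words, again without a . (dot)
#
#  Results are printed on the shell/cmd; anything found is also appended to
#  a *_brute_log.txt file in the current working directory.
#  Cheers and be careful what you brute :=)
#----------------------------------------------------------------------------
# What a run looks like on the wire (as written in _probe below):
#  * one TCP connection to port 80 per candidate, plain HTTP only;
#  * an HTTP/1.0 GET whose lines end in a bare LF and whose only header is
#    Host (no User-Agent), so a run is easy to single out in access logs;
#  * "found" is a substring match on any response line, so body text can
#    trigger it as well as the status line.
#  The scan loops run inside Tk button callbacks; the window does not
#  repaint until a run has finished.
#----------------------------------------------------------------------------
use strict;
use warnings;

use Tk;
use Tk::BrowseEntry;
use Tk::Dialog;
use Tk::FileSelect;
use IO::Socket;

$SIG{'INT'}  = \&sig_catch;
$SIG{'HUP'}  = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'ALRM'} = 'IGNORE';
$| = 1;    # unbuffered STDOUT so progress lines appear as they are printed

# Ctrl-C handler: leave the program.
sub sig_catch { exit; }

# ---- shared state ---------------------------------------------------------

# Entry widgets of the currently displayed form. They always hold the
# widgets themselves; the typed values are fetched with ->get() at scan time.
my ($hostf, $dirf, $dicf);        # "Files" form
my ($hostdir, $dicdir);           # "Dirs" form
my ($hostdom, $dicdom);           # "Domains" form
my ($hossubdom, $dicsubdom);      # "Sub domains" form

# Every widget created for the current form, so it can be removed when
# another mode is selected.
my @form_widgets;

# Suffixes appended to each dictionary word in file mode ('' = the bare word).
my @FILE_SUFFIXES = (
    '',
    qw(.txt .php .asp .html .htm .jsp .js .exe .log .tmp
       .db .mdb .doc .pl .css .py .cgi),
);

# Selector value -> sub that builds the matching form.
my %FORM_FOR = (
    "Files"       => \&files,
    "Dirs"        => \&dirs,
    "Domains"     => \&domains,
    "Sub domains" => \&subdomains,
);

# ---- main window ----------------------------------------------------------

my $mw = MainWindow->new;
$mw->geometry("340x170");
$mw->title("Webrute by matrix_killer and EcLiPsE");

my $var1   = "Files";
my $fleft  = $mw->Frame()->pack(-side => 'left', -anchor => 'ne');
my $fright = $mw->Frame()->pack(-side => 'left', -anchor => 'nw');

$fleft->Label(-text => 'What to brute ? ', -font => '{Verdana} 8 bold')
      ->pack(-side => "top", -anchor => 'e');

my $x = $fright->BrowseEntry(
    -command  => \&brute_what,
    -relief   => "groove",
    -variable => \$var1,
    -font     => '{Verdana} 8',
);
$x->insert("end", $_) for "Files", "Dirs", "Domains", "Sub domains";
$x->pack(-side => "top", -anchor => 'w');

# BrowseEntry callback: replace the current form with the one for the
# selected mode. Unknown selector values are ignored.
sub brute_what {
    my $builder = $FORM_FOR{$var1} or return;
    _reset_form();
    $builder->();
    return;
}

# ---- form construction helpers --------------------------------------------

# Remember a form widget for later removal; returns the widget.
sub _keep {
    my ($widget) = @_;
    push @form_widgets, $widget;
    return $widget;
}

# Destroy the widgets of the previously shown form so that selecting a mode
# twice does not stack a second set of fields under the first.
sub _reset_form {
    $_->destroy for grep { Tk::Exists($_) } @form_widgets;
    @form_widgets = ();
    return;
}

# One blank label in each column, used as vertical spacing.
sub _spacer_row {
    _keep($fright->Label(-text => ' ')->pack());
    _keep($fleft->Label(-text => ' ')->pack());
    return;
}

# Spacer plus a captioned text field; returns the Entry widget.
sub _entry_row {
    my ($caption) = @_;
    _spacer_row();
    _keep(
        $fleft->Label(-text => $caption, -font => '{Verdana} 8 bold')
              ->pack(-side => "top", -anchor => 'e')
    );
    return _keep(
        $fright->Entry(
            -relief       => "groove",
            -width        => 15,
            -font         => '{Verdana} 8',
            -textvariable => '',
        )->pack(-side => "top", -anchor => 'w')
    );
}

# Spacer plus the "Brute" (right column) and "Clear" (left column) buttons.
sub _button_row {
    my ($width, $height, $on_brute, $on_clear) = @_;
    my %look = (
        -width            => $width,
        -height           => $height,
        -activebackground => "red",
        -activeforeground => "black",
        -background       => "#FFFFFF",
        -borderwidth      => 1,
        -cursor           => "",
        -font             => "Tahoma 8 bold",
        -foreground       => "#140F7B",
        -relief           => "solid",
    );
    _spacer_row();
    _keep(
        $fright->Button(%look, -text => "Brute", -command => $on_brute)
               ->pack(-side => "top", -anchor => 'w')
    );
    _keep($fright->Label(-text => ' ')->pack()) for 1 .. 2;
    _keep(
        $fleft->Button(%look, -text => "Clear", -command => $on_clear)
              ->pack(-side => "right", -anchor => 'w')
    );
    return;
}

# ---- forms ----------------------------------------------------------------

# File bruteforce form: host, directory, dictionary.
sub files {
    $hostf = _entry_row('Host: ');
    $dirf  = _entry_row('Directory: ');
    $dicf  = _entry_row('Dictionary: ');
    _button_row(10, 10, \&brutef, \&cleanf);
    return;
}

# Directory bruteforce form: host, dictionary.
sub dirs {
    $hostdir = _entry_row('Host: ');
    $dicdir  = _entry_row('Dictionary: ');
    _button_row(20, 5, \&dirbrute, \&cleandir);
    return;
}

# Domain bruteforce form: host (without TLD), dictionary.
sub domains {
    $hostdom = _entry_row('Host: ');
    $dicdom  = _entry_row('Dictionary: ');
    _button_row(20, 5, \&dombrute, \&cleandom);
    return;
}

# Sub-domain bruteforce form: parent domain, dictionary.
sub subdomains {
    $hossubdom = _entry_row('Host: ');
    $dicsubdom = _entry_row('Dictionary: ');
    _button_row(20, 5, \&subbrute, \&cleansubdom);
    return;
}

# ---- scanning helpers -----------------------------------------------------

# Read the word list at $path. Returns an array ref of non-empty lines with
# the line ending removed, or nothing (after showing the error dialog) when
# the file cannot be opened. Three-argument open keeps the user-typed name
# from being parsed as an open mode.
sub _load_words {
    my ($path) = @_;
    my $fh;
    unless (defined $path && length $path && open($fh, '<', $path)) {
        error();
        return;
    }
    my @words;
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        push @words, $line if length $line;
    }
    close($fh);
    return \@words;
}

# Send one GET for $request_path to $peer:80 with "Host: $host_header" and
# return 1 if any response line matches $hit_re, else 0. A failed connection
# is reported and counted as a miss instead of writing to a non-socket.
sub _probe {
    my ($peer, $request_path, $host_header, $hit_re) = @_;
    my $socket = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $peer,
        PeerPort => "80",
    );
    unless ($socket) {
        print "\n   (no connection to $peer)";
        return 0;
    }
    print {$socket} "GET $request_path HTTP/1.0\nHost: $host_header\n\n";
    my $hit = 0;
    while (my $answer = <$socket>) {
        next unless $answer =~ $hit_re;
        $hit = 1;
        last;    # one match is enough; avoids logging the same hit repeatedly
    }
    close($socket);
    return $hit;
}

# Append a timestamped record made of @lines to $file (created if missing).
sub _append_log {
    my ($file, @lines) = @_;
    my $log;
    unless (open($log, '>>', $file)) {
        warn "cannot append to $file: $!\n";
        return;
    }
    my $stamp = localtime(time());
    print {$log} "\n", "Time: $stamp\n", @lines;
    close($log) or warn "cannot close $file: $!\n";
    return;
}

# ---- file bruteforce ------------------------------------------------------

# "Brute" callback of the Files form: request <dir><word><suffix> on the
# host for every dictionary word and every entry of @FILE_SUFFIXES.
sub brutef {
    my $host = $hostf->get();
    my $dir  = $dirf->get();
    my $dict = $dicf->get();
    $dir = "/" if $dir eq "";

    my $words = _load_words($dict) or return;
    for my $word (@$words) {
        for my $suffix (@FILE_SUFFIXES) {
            my $name = $word . $suffix;
            print "\n Trying $host$dir$name";
            next unless _probe($host, "$dir$name", $host, qr/OK/);
            print "\n\n\t$name Found!\n";
            savelogf($host, "$dir$name");
        }
    }
    return;
}

# Record one file hit in file_brute_log.txt.
sub savelogf {
    my ($host, $path) = @_;
    _append_log(
        "file_brute_log.txt",
        "Host: $host\n", "Files Found:\n\n", "$path\n",
    );
    return;
}

# ---- directory bruteforce -------------------------------------------------

# "Brute" callback of the Dirs form: request /<word>/ for every dictionary
# word; a response line containing "Index of" or "Forbidden" counts as a hit.
sub dirbrute {
    my $host = $hostdir->get();
    my $dict = $dicdir->get();

    my $words = _load_words($dict) or return;
    for my $name (@$words) {
        print "\n Trying $host/$name";
        next unless _probe($host, "/$name/", $host, qr/Index of|Forbidden/i);
        print "\n\n\t$host/$name Found!\n";
        savelogdir($host, $name);
    }
    return;
}

# Record one directory hit in directory_brute_log.txt.
sub savelogdir {
    my ($host, $name) = @_;
    _append_log(
        "directory_brute_log.txt",
        "Host: $host\n", "Directoryes Found:\n\n", "$name\n",
    );
    return;
}

# ---- domain bruteforce ----------------------------------------------------

# "Brute" callback of the Domains form: connect to <host>.<word> for every
# dictionary word. The Host header carries the name as typed, without the
# candidate suffix.
sub dombrute {
    my $host = $hostdom->get();
    my $dict = $dicdom->get();

    my $words = _load_words($dict) or return;
    for my $tld (@$words) {
        my $fqdn = "$host.$tld";
        print "\n Trying $fqdn";
        next unless _probe($fqdn, "/", $host, qr/OK/);
        print "\n\n\t$fqdn Found!\n";
        savelogdom($fqdn);
    }
    return;
}

# Record one domain hit in domain_brute_log.txt.
sub savelogdom {
    my ($fqdn) = @_;
    _append_log("domain_brute_log.txt", "Domains Found:\n\n", "$fqdn\n");
    return;
}

# ---- sub-domain bruteforce ------------------------------------------------

# "Brute" callback of the Sub domains form: connect to <word>.<host> for
# every dictionary word. The Host header carries the parent domain as typed.
sub subbrute {
    my $host = $hossubdom->get();
    my $dict = $dicsubdom->get();

    my $words = _load_words($dict) or return;
    for my $label (@$words) {
        my $fqdn = "$label.$host";
        print "\n Trying $fqdn";
        next unless _probe($fqdn, "/", $host, qr/OK/);
        print "\n\n\t$fqdn Found!\n";
        savelogsub($fqdn);
    }
    return;
}

# Record one sub-domain hit in subdomain_brute_log.txt.
sub savelogsub {
    my ($fqdn) = @_;
    _append_log("subdomain_brute_log.txt", "Sub-domains Found:\n\n", "$fqdn\n");
    return;
}

# ---- dialogs and "Clear" callbacks ----------------------------------------

# Modal "Dictionary not found !" dialog. Kept best-effort: a failure to show
# the dialog must not abort the callback that reported the problem.
sub error {
    eval {
        my $dialog = $mw->Dialog(
            -title   => "Error",
            -text    => "Dictionary not found !",
            -buttons => ["OK"],
        );
        $dialog->Show();
    };
    return;
}

# Empty the fields of the Files form.
sub cleanf {
    $_->delete(0, 'end') for $hostf, $dirf, $dicf;
    return;
}

# Empty the fields of the Dirs form.
sub cleandir {
    $_->delete(0, 'end') for $hostdir, $dicdir;
    return;
}

# Empty the fields of the Domains form.
sub cleandom {
    $_->delete(0, 'end') for $hostdom, $dicdom;
    return;
}

# Empty the fields of the Sub domains form.
sub cleansubdom {
    $_->delete(0, 'end') for $hossubdom, $dicsubdom;
    return;
}

MainLoop();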