+++++ Dear ….. Thank you for visiting our booth at the Myanmar Black Hacking. We hope you will have a good time and enjoyed your visit to Underground. In case we won't answer some of your questions about our Real Info, we encourage you to visit our website at www.myanmarblackhacking.com +++++ It will give you a good idea of what we can do for +++++

Mar 23, 2015

0 FuckShitUp - Multi Vulnerabilities Scanner written in PHP


Intro

  • Data grabbing:
    • URL's (geturl/massurl) -> (scan)
    • Configs, Databases, SQLi's (dork)
    • Full Path Disclosures / Users (fpds) -> (brutefpds)
    • Top websites info (top)
  • Massive scanning
    • XSS, SQLi, LFI, RFI (scan)
    • FTP, SSH, DB's, IMAP (multibruter)
    • Accurate SSH bruteforce (brutefpds)

Plan

  • Web Apps
    • Grab url's via 'geturl' or 'massurl' (massurl requires list of tags as file)
    • Scan url's parameters for vulns with 'scan'
  • Servers
    • Pick target, get ip range
    • Scan for services on each IP and bruteforce with 'multibruter'
    • Grab full path disclosures, and so linux usernames
    • Perform SSH bruteforce for specific user with 'brutefpds'
  • Info grabbing
    • Use 'dork' for automatic dorking
    • Use 'fpds' for full path disclosure grabbing
    • Use 'search' for searching someone in ur databases
    • Use 'top' for scanning all top websites of specific nation
  • Others
    • 'Stat' shows actual statistics and informations
    • 'Show' display specific file
    • 'Clear' and 'filter' - remove duplicates, remove blacklisted url's

Others

MultiBrtuer requirements (php5):
  • php5-mysql - for mysql connections
  • php5-pgsql - for postgresql connections
  • libssh2-php - for ssh connections
  • php5-sybase - for mssql connections
  • php5-imap - for imap connections
TODO:
  • Fix problems with grabbing large amount of url's
  • More search engines
  • SQL Injector
  • RFI shell uploader
  • FSU is not secure as it should be

0 comments:

Post a Comment