| Author |
Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
Hi everybody,
I'm looking for a Remote File Inclusion scanner that scans my PHP documents and says if there is a vulnerability. Is there a tool which is able to do that?
Thank you for your answers
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
skathgh420
Member

Posts: 418
Location: 127.0.0.1
Joined: 03.03.08 Rank: God |
|
|
NoPax wrote:
Is there a tool which is able to do that?
Yeah, it's called your brain. Oh yeah, and it's free too.
 |
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
Yeah, funny and useful =)
But if you have a lot of PHP files it's too much work to look through every one. Perhaps there is a tool which scans the files and says whether there is one or not.
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
Not that I'm aware of. Learn about RFI, then write a quick prog to regex search your PHP file for an include statement that contains $ (looking for variables, basically). Tweak as necessary.
I still check PMs from time to time.


Our responses were moronic, why shouldn't he follow suit? - Futility |
|
| Author |
RE: Remote File Inclusion Scanner |
clone4
Member

Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07 Rank: God |
|
|
NoPax wrote:
Yeah, funny and useful =)
But if you have a lot of PHP files it's too much work to look through every one. Perhaps there is a tool which scans the files and says whether there is one or not.
Greetz
NoPax
I believe that there isn't such a thing. There are RFI scanners, which send requests to the server with, for instance, the most common types of RFI, like http://google.com/index.php?page=, and then determine whether the vulnerability is there or not, but a file scanner, I don't think so. Anyway, why do you need it? Just switch off register_globals in php.ini. And if you really want one, then just write something that looks for every include function in the file and, if found, checks whether it is properly sanitized...
dammit too late

spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
Edited by clone4 on 23-10-08 17:01 |
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
I need it because it would save a lot of time when you look through new PHP projects to find a vuln.
@Zephyr
I can try to program it, but I'm pretty sure it will not work =)
And I have to read about this Regex in Wikipedia because I have never heard that before.
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
|
NoPax wrote:
@Zephyr
I can try to program it, but I'm pretty sure it will not work =)
And I have to read about this Regex in Wikipedia because I have never heard that before.
Regex = Regular expression
It wouldn't be difficult at all. Just look up some quick references to regex and throw something together until one works.
|
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
Yeah I will try it =)
Is it possible to write it in VB 6? At the moment I don't have any other programming language on my notebook.
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
|
NoPax wrote:
Yeah I will try it =)
Is it possible to write it in VB 6? At the moment I don't have any other programming language on my notebook.
Greetz
NoPax
Erh? You can just go ahead and download some stuff like, compilers, and such. You -could- do it in VB6.0, you -should- do it in Python/perl, or, PHP.

"The chowner of property." - Zeph Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term. - Carl Sagan Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
I found some scripts and one program.
So here is the code if someone is interested in it:
http://snippets.dzone.com/posts/show/5094
And the prog:
http://sourceforge.net/projects/securityscanner/
Thank you for your help.
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
Bad scwipt kiddy.
Vewwy bad indeed.
|
|
| Author |
RE: Remote File Inclusion Scanner |
japanesedude
Member

Posts: 348
Location: Switzerland
Joined: 06.11.07 Rank: Uber Elite Warn Level: 70
|
|
cat filetoscan.php | grep -n include
cat filetoscan.php | grep -n require_once
etc.
|
|
| Author |
RE: Remote File Inclusion Scanner |
yours31f
Second to one

Posts: 1678
Location: Dallas Texas
Joined: 27.04.07 Rank: Satan |
|
I might have to work on one of these, I really like the idea of having an LFI/RFI scanner.
Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.

|
|
| Author |
RE: Remote File Inclusion Scanner |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
|
NoPax wrote:
I found some scripts and one program.
You would benefit a LOT more by writing this yourself. Also, it's a very basic thing (just some file IO and recognizing keywords), so it's a good beginner project 

http://uber0n.webs.com/ |
|
| Author |
RE: Remote File Inclusion Scanner |
yours31f
Second to one

Posts: 1678
Location: Dallas Texas
Joined: 27.04.07 Rank: Satan |
|
Uber0n wrote:
so it's a good beginner project 
Hey...
No, I'm just kidding. I don't know tons about PHP so you're right. That's one of the reasons I'm looking at making one. It seems like a good way to learn. Find something YOU want and would use, then learn what it takes to make it.
|
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
Yes, I will write the prog. But I found some, I posted it. And it's good for learning.
So I will post maybe my prog when it's ready.
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
|
NoPax wrote:
Yes, I will write the prog. But I found some, I posted it. And it's good for learning.
So I will post maybe my prog when it's ready.
Great. If you really do, respect ^^
|
|
| Author |
RE: Remote File Inclusion Scanner |
NoPax
Member
Posts: 70
Location: BlackCore
Joined: 11.09.08 Rank: Monster Warn Level: 20
|
|
It wouldn't make any sense only to use that. So it's really easy to program. I will start programming it tomorrow.
But next week I am away so it will be ready in two weeks =)
And it's always good to learn new stuff =)
Greetz
NoPax |
|
| Author |
RE: Remote File Inclusion Scanner |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
|
NoPax wrote:
It wouldn't make any sense only to use that. So it's really easy to program. I will start programming it tomorrow.
But next week I am away so it will be ready in two weeks =)
And it's always good to learn new stuff =)
Exactly. I respect people who are ready to learn new things in order to solve their problems themselves, instead of just downloading premade tools ^^
|
|
| Author |
RE: Remote File Inclusion Scanner |
SwartMumba
Member

Posts: 292
Location: TX <--- I'm here
Joined: 18.09.07 Rank: Uber Elite |
|
|
japanesedude wrote:
cat filetoscan.php | grep -n include
cat filetoscan.php | grep -n require_once
etc.
cat filetoscan.php | egrep -n --color=auto "include|require_once"
grep uses regex. Why pound at the keyboard more than you need to?
|
|
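The approach Zephyr_Pure and clone4 describe above (find every include statement and check whether its argument contains a variable), which the grep one-liners approximate, as an added Python example that is not code from any poster in the thread. The function names, the HIGH/REVIEW labels and the sample PHP are constructed for illustration.

```python
import re
from pathlib import Path

# include / require / *_once, capturing the argument up to the semicolon.
# The lookbehind skips names such as $include or my_include().
INCLUDE_RE = re.compile(r'(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?([^;]*);', re.I)
# Superglobals that an HTTP client controls directly.
TAINTED_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b')
VARIABLE_RE = re.compile(r'\$[A-Za-z_]\w*')
COMMENT_RE = re.compile(r'^\s*(?://|#|/\*|\*)')

# Constructed sample input, not taken from a real project.
SAMPLE = '''<?php
include("header.php");
include($_GET['page'] . ".php");
// include($old);
require_once $config_dir . "/db.php";
$page = basename($_GET['p']);
include "pages/" . $page;
echo "we include nothing here";
?>'''

def scan_php(source):
    """Return (line_no, severity, code) for includes whose argument has a variable."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if COMMENT_RE.match(line):          # skip whole-line comments only
            continue
        for match in INCLUDE_RE.finditer(line):
            arg = match.group(1)
            if TAINTED_RE.search(arg):      # request data used directly as the path
                findings.append((line_no, "HIGH", line.strip()))
            elif VARIABLE_RE.search(arg):   # variable path: trace where it is set
                findings.append((line_no, "REVIEW", line.strip()))
    return findings

def scan_tree(root):
    """Scan every *.php file under root; return {path: findings} for hits only."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == "__main__":
    for line_no, severity, code in scan_php(SAMPLE):
        print(f"{line_no}: [{severity}] {code}")
```

Line-based regex matching misses includes split across several lines and can flag the keyword inside a string literal, so REVIEW hits are a reading list for manual checking, not a verdict.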